Merge branch 'main' into tutorial/library-pack

Aditya Sharad
2023-01-03 14:08:37 -08:00
committed by GitHub
406 changed files with 26663 additions and 5387 deletions


@@ -0,0 +1,4 @@
---
category: fix
---
* We now correctly handle empty block comments, like `/**/`. Previously these could be mistaken for Javadoc comments and led to attribution of Javadoc tags to the wrong declaration.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more dataflow models for frequently-used JDK APIs.


@@ -37,12 +37,17 @@ extensions:
- ["java.lang", "CharSequence", True, "charAt", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "CharSequence", True, "subSequence", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "CharSequence", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "IllegalArgumentException", False, "IllegalArgumentException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "IllegalStateException", False, "IllegalStateException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "Integer", False, "parseInt", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"]
- ["java.lang", "Iterable", True, "iterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Iterable", True, "spliterator", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"]
- ["java.lang", "Object", True, "clone", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"]
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
- ["java.lang", "RuntimeException", False, "RuntimeException", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
- ["java.lang", "String", False, "String", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -82,7 +87,34 @@ extensions:
- ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
- ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
- ["java.lang", "Throwable", False, "getCause", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
- ["java.lang", "Throwable", False, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.lang", "Class", "getName", "()", "manual"]
- ["java.lang", "Class", "getSimpleName", "()", "manual"]
- ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
- ["java.lang", "Enum", "equals", "(Object)", "manual"]
- ["java.lang", "Enum", "name", "()", "manual"]
- ["java.lang", "Enum", "toString", "()", "manual"]
- ["java.lang", "Object", "equals", "(Object)", "manual"]
- ["java.lang", "Object", "getClass", "()", "manual"]
- ["java.lang", "Object", "hashCode", "()", "manual"]
- ["java.lang", "Object", "toString", "()", "manual"]
- ["java.lang", "String", "contains", "(CharSequence)", "manual"]
- ["java.lang", "String", "equals", "(Object)", "manual"]
- ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
- ["java.lang", "String", "hashCode", "()", "manual"]
- ["java.lang", "String", "isEmpty", "()", "manual"]
- ["java.lang", "String", "length", "()", "manual"]
- ["java.lang", "String", "startsWith", "(String)", "manual"]
- ["java.lang", "System", "currentTimeMillis", "()", "manual"]


@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]


@@ -14,3 +14,9 @@ extensions:
- ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
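Review bot: Only the `(String)` column-label overload of `ResultSet.getString` gets a taint summary in this new `summaryModel` block, so a value read by column index through `getString(int)` is not covered by this row. If that overload is not modelled elsewhere in the file (the rest is outside this hunk), add a second row with the signature `(int)` and the same `Argument[-1]` to `ReturnValue` taint step. Alternatively, leave the signature column empty, as the `Statement` rows above do, to cover both overloads. Without it, flow-based queries would follow database values read by label but lose the ones read by index.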


@@ -355,3 +355,26 @@ extensions:
- ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
- ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.util", "Collections", "emptyList", "()", "manual"]
- ["java.util", "Collection", "size", "()", "manual"]
- ["java.util", "Iterator", "hasNext", "()", "manual"]
- ["java.util", "List", "contains", "(Object)", "manual"]
- ["java.util", "List", "isEmpty", "()", "manual"]
- ["java.util", "List", "size", "()", "manual"]
- ["java.util", "Map", "containsKey", "(Object)", "manual"]
- ["java.util", "Map", "isEmpty", "()", "manual"]
- ["java.util", "Map", "size", "()", "manual"]
- ["java.util", "Objects", "equals", "(Object,Object)", "manual"]
- ["java.util", "Objects", "hash", "(Object[])", "manual"]
- ["java.util", "Optional", "empty", "()", "manual"]
- ["java.util", "Optional", "isPresent", "()", "manual"]
- ["java.util", "Set", "contains", "(Object)", "manual"]
- ["java.util", "Set", "isEmpty", "()", "manual"]
- ["java.util", "Set", "size", "()", "manual"]
- ["java.util", "UUID", "randomUUID", "()", "manual"]
- ["java.util", "UUID", "toString", "()", "manual"]


@@ -87,3 +87,9 @@ extensions:
- ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
- ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.util.stream", "Collectors", "toList", "()", "manual"]


@@ -33,7 +33,11 @@ class Javadoc extends JavadocParent, @javadoc {
string getAuthor() { result = this.getATag("@author").getChild(0).toString() }
override string toString() {
result = this.toStringPrefix() + this.getChild(0) + this.toStringPostfix()
exists(string childStr |
if exists(this.getChild(0)) then childStr = this.getChild(0).toString() else childStr = ""
|
result = this.toStringPrefix() + childStr + this.toStringPostfix()
)
}
private string toStringPrefix() {
@@ -48,7 +52,7 @@ class Javadoc extends JavadocParent, @javadoc {
if isEolComment(this)
then result = ""
else (
if strictcount(this.getAChild()) = 1 then result = " */" else result = " ... */"
if strictcount(this.getAChild()) > 1 then result = " ... */" else result = " */"
)
}
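Review bot: The rewritten postfix condition `if strictcount(this.getAChild()) > 1 then result = " ... */" else result = " */"` depends on `strictcount` having no result for a comment with no children, which is easy to miss when reading. Either add a comment such as `// zero children (e.g. /**/) or one child: close directly` or write `count(this.getAChild()) > 1`, which covers the zero case explicitly. The enclosing predicate starts outside the second hunk, so its header is not visible here.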


@@ -260,6 +260,12 @@ module Public {
* Holds if the neutral is auto generated.
*/
predicate isAutoGenerated() { neutralElement(this, true) }
/**
* Holds if the neutral has the given provenance where `true` is
* `generated` and `false` is `manual`.
*/
predicate hasProvenance(boolean generated) { neutralElement(this, generated) }
}
}


@@ -0,0 +1,140 @@
/** Definitions for the Android Missing Certificate Pinning query. */
import java
import semmle.code.xml.AndroidManifest
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.frameworks.Networking
import semmle.code.java.security.Encryption
import semmle.code.java.security.HttpsUrls
/** An Android Network Security Configuration XML file. */
class AndroidNetworkSecurityConfigFile extends XmlFile {
AndroidNetworkSecurityConfigFile() {
exists(AndroidApplicationXmlElement app, AndroidXmlAttribute confAttr, string confName |
confAttr.getElement() = app and
confAttr.getValue() = "@xml/" + confName and
this.getRelativePath().matches("%res/xml/" + confName + ".xml") and
this.getARootElement().getName() = "network-security-config"
)
}
}
/** Holds if this database is of an Android application. */
predicate isAndroid() { exists(AndroidManifestXmlFile m) }
/** Holds if the given domain name is trusted by the Network Security Configuration XML file. */
private predicate trustedDomainViaXml(string domainName) {
exists(
AndroidNetworkSecurityConfigFile confFile, XmlElement domConf, XmlElement domain,
XmlElement trust
|
domConf.getFile() = confFile and
domConf.getName() = "domain-config" and
domain.getParent() = domConf and
domain.getName() = "domain" and
domain.getACharactersSet().getCharacters() = domainName and
trust.getParent() = domConf and
trust.getName() = ["trust-anchors", "pin-set"]
)
}
/** Holds if the given domain name is trusted by an OkHttp `CertificatePinner`. */
private predicate trustedDomainViaOkHttp(string domainName) {
exists(CompileTimeConstantExpr domainExpr, MethodAccess certPinnerAdd |
domainExpr.getStringValue().replaceAll("*.", "") = domainName and // strip wildcard patterns like *.example.com
certPinnerAdd.getMethod().hasQualifiedName("okhttp3", "CertificatePinner$Builder", "add") and
DataFlow::localExprFlow(domainExpr, certPinnerAdd.getArgument(0))
)
}
/** Holds if the given domain name is trusted by some certificate pinning implementation. */
predicate trustedDomain(string domainName) {
trustedDomainViaXml(domainName)
or
trustedDomainViaOkHttp(domainName)
}
/**
* Holds if `setSocketFactory` is a call to `HttpsURLConnection.setSSLSocketFactory` or `HttpsURLConnection.setDefaultSSLSocketFactory`
* that uses a socket factory derived from a `TrustManager`.
* `default` is true if the default SSL socket factory for all URLs is being set.
*/
private predicate trustedSocketFactory(MethodAccess setSocketFactory, boolean default) {
exists(MethodAccess getSocketFactory, MethodAccess initSslContext |
exists(Method m | setSocketFactory.getMethod() = m |
default = true and m instanceof SetDefaultConnectionFactoryMethod
or
default = false and m instanceof SetConnectionFactoryMethod
) and
initSslContext.getMethod().getDeclaringType() instanceof SslContext and
initSslContext.getMethod().hasName("init") and
getSocketFactory.getMethod().getASourceOverriddenMethod*() instanceof GetSocketFactory and
not initSslContext.getArgument(1) instanceof NullLiteral and
DataFlow::localExprFlow(initSslContext.getQualifier(), getSocketFactory.getQualifier()) and
DataFlow::localExprFlow(getSocketFactory, setSocketFactory.getArgument(0))
)
}
/**
* Holds if the given expression is an qualifier to a `URL.openConnection` or `URL.openStream` call
* that is trusted due to its SSL socket factory being set.
*/
private predicate trustedUrlConnection(Expr url) {
exists(MethodAccess openCon |
openCon.getMethod().getASourceOverriddenMethod*() instanceof UrlOpenConnectionMethod and
url = openCon.getQualifier() and
exists(MethodAccess setSocketFactory |
trustedSocketFactory(setSocketFactory, false) and
TaintTracking::localExprTaint(openCon, setSocketFactory.getQualifier())
)
)
or
trustedSocketFactory(_, true) and
exists(MethodAccess open, Method m |
m instanceof UrlOpenConnectionMethod or m instanceof UrlOpenStreamMethod
|
open.getMethod().getASourceOverriddenMethod*() = m and
url = open.getQualifier()
)
}
private class MissingPinningSink extends DataFlow::Node {
MissingPinningSink() {
this instanceof UrlOpenSink and
not trustedUrlConnection(this.asExpr())
}
}
/** Configuration for finding uses of non trusted URLs. */
private class UntrustedUrlConfig extends TaintTracking::Configuration {
UntrustedUrlConfig() { this = "UntrustedUrlConfig" }
override predicate isSource(DataFlow::Node node) {
trustedDomain(_) and
exists(string lit | lit = node.asExpr().(CompileTimeConstantExpr).getStringValue() |
lit.matches("%://%") and // it's a URL
not exists(string dom | trustedDomain(dom) and lit.matches("%" + dom + "%"))
)
}
override predicate isSink(DataFlow::Node node) { node instanceof MissingPinningSink }
}
/** Holds if `node` is a network communication call for which certificate pinning is not implemented. */
predicate missingPinning(DataFlow::Node node, string domain) {
isAndroid() and
node instanceof MissingPinningSink and
(
not trustedDomain(_) and domain = ""
or
exists(UntrustedUrlConfig conf, DataFlow::Node src |
conf.hasFlow(src, node) and
domain = getDomain(src.asExpr())
)
)
}
/** Gets the domain name from the given string literal */
private string getDomain(CompileTimeConstantExpr expr) {
result = expr.getStringValue().regexpCapture("(https?://)?([^/]*)(/.*)?", 2)
}
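Review bot: In `UntrustedUrlConfig.isSource`, the test `lit.matches("%" + dom + "%")` treats a URL literal as pinned whenever a trusted domain name occurs anywhere in the string. A literal such as `https://other.example/?ref=good.example.com` (constructed sample) is therefore excluded as a source, and an unpinned connection to a different host goes unreported. `matches` also reads any `_` or `%` inside `dom` as a wildcard. Compare the parsed host instead, for example `not exists(string dom | trustedDomain(dom) and getDomain(node.asExpr()) = dom)`, with an explicit `"." + dom` suffix test where subdomains are meant to be covered. Separately, `MissingPinningSink` is the only class in the file without a QLDoc comment, and the doc on `trustedUrlConnection` reads "an qualifier".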


@@ -143,6 +143,7 @@ class CreateSslEngineMethod extends Method {
}
}
/** The `setConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
class SetConnectionFactoryMethod extends Method {
SetConnectionFactoryMethod() {
this.hasName("setSSLSocketFactory") and
@@ -150,6 +151,14 @@ class SetConnectionFactoryMethod extends Method {
}
}
/** The `setDefaultConnectionFactory` method of the class `javax.net.ssl.HttpsURLConnection`. */
class SetDefaultConnectionFactoryMethod extends Method {
SetDefaultConnectionFactoryMethod() {
this.hasName("setDefaultSSLSocketFactory") and
this.getDeclaringType().getAnAncestor() instanceof HttpsUrlConnection
}
}
class SetHostnameVerifierMethod extends Method {
SetHostnameVerifierMethod() {
this.hasName("setHostnameVerifier") and
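Review bot: The two added QLDoc comments name methods that the classes do not match: the characteristic predicates test for `setSSLSocketFactory` and `setDefaultSSLSocketFactory`, while the comments say `setConnectionFactory` and `setDefaultConnectionFactory`. Reword them to name the real methods, e.g. "The `setSSLSocketFactory` method of the class `javax.net.ssl.HttpsURLConnection`." and the same with `setDefaultSSLSocketFactory` for the new class. `SetHostnameVerifierMethod`, visible as context and continuing outside the hunk, still has no QLDoc at all.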


@@ -5,7 +5,7 @@
* @id java/alert-suppression
*/
private import codeql.suppression.AlertSuppression as AS
private import codeql.util.suppression.AlertSuppression as AS
private import semmle.code.java.Javadoc
class SingleLineComment extends Javadoc {
@@ -18,4 +18,4 @@ class SingleLineComment extends Javadoc {
string getText() { result = this.getChild(0).getText() }
}
import AS::Make<SingleLineComment>
import AS::Make<Top, SingleLineComment>


@@ -12,8 +12,8 @@ import Metrics.Internal.Extents
/** Gets the LGTM suppression annotation text in the string `s`, if any. */
bindingset[s]
string getAnnotationText(string s) {
// match `lgtm[...]` anywhere in the comment
result = s.regexpFind("(?i)\\blgtm\\s*\\[[^\\]]*\\]", _, _)
// match `lgtm[...]` or `codeql[...]` anywhere in the comment
result = s.regexpFind("(?i)\\b(lgtm|codeql)\\s*\\[[^\\]]*\\]", _, _).trim()
}
/**
@@ -96,5 +96,5 @@ where
annotationText = getAnnotationText(text)
select c, // suppression entity
text, // full text of suppression string
annotationText, // LGTM suppression annotation text
annotationText.regexpReplaceAll("(?i)^codeql", "lgtm"), // LGTM suppression annotation text
c.getScope() // scope of suppression
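Review bot: The `.trim()` added to the `regexpFind` call in `getAnnotationText` has no effect, because a match of that pattern always begins with a letter of `lgtm` or `codeql` and ends with `]`. Drop it, or add a comment saying what it guards against. The comment on the select column could also record the rewrite that now happens there, e.g. `// annotation text, with codeql[...] normalised to the lgtm[...] form`. The `where` clause starts outside the second hunk.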


@@ -1,6 +1,6 @@
/**
* @name Access Java object methods through JavaScript exposure
* @id java/android-webview-addjavascriptinterface
* @id java/android/webview-addjavascriptinterface
* @description Exposing a Java object in a WebView with a JavaScript interface can lead to malicious JavaScript controlling the application.
* @kind problem
* @problem.severity warning


@@ -2,7 +2,7 @@
* @name Android WebView JavaScript settings
* @description Enabling JavaScript execution in a WebView can result in cross-site scripting attacks.
* @kind problem
* @id java/android-websettings-javascript-enabled
* @id java/android/websettings-javascript-enabled
* @problem.severity warning
* @security-severity 6.1
* @precision medium


@@ -2,7 +2,7 @@
* @name Android WebSettings file access
* @kind problem
* @description Enabling access to the file system in a WebView allows attackers to view sensitive information.
* @id java/android-websettings-file-access
* @id java/android/websettings-file-access
* @problem.severity warning
* @security-severity 6.5
* @precision medium


@@ -0,0 +1,48 @@
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
Certificate pinning is the practice of only trusting a specific set of SSL certificates, rather than those that the device trusts by default.
In Android applications, it is reccomended to use certificate pinning when communicating over the network,
in order to minimize the risk of machine-in-the-middle attacks from a compromised CA.
</p>
</overview>
<recommendation>
<p>
The easiest way to implement certificate pinning is to declare your pins in a <code>network-security-config</code> XML file.
This will automatically provide certificate pinning for any network connection made by the app.
</p>
<p>
Another way to implement certificate pinning is to use the `CertificatePinner` class from the `okhttp` library.
</p>
<p>
A final way to implement certificate pinning is to use a <code>TrustManager</code>, initialized from a <code>KeyStore</code> loaded with only the necessary certificates.
</p>
</recommendation>
<example>
<p>
In the first (bad) case below, a network call is performed with no certificate pinning implemented.
The other (good) cases demonstrate the different ways to implement certificate pinning.
</p>
<sample src="AndroidMissingCertificatePinning1.java" />
<sample src="AndroidMissingCertificatePinning2.xml" />
<sample src="AndroidMissingCertificatePinning3.java" />
</example>
<references>
<li>
OWASP Mobile Security: <a href="https://mobile-security.gitbook.io/mobile-security-testing-guide/android-testing-guide/0x05g-testing-network-communication#testing-custom-certificate-stores-and-certificate-pinning-mstg-network-4">Testing Custom Certificate Stores and Certificate Pinning (MSTG-NETWORK-4)</a>.
</li>
<li>
Android Developers: <a href="https://developer.android.com/training/articles/security-config">Network security configuration</a>.
</li>
<li>
OkHttp: <a href="https://square.github.io/okhttp/4.x/okhttp/okhttp3/-certificate-pinner/">CertificatePinner</a>.
</li>
</references>
</qhelp>


@@ -0,0 +1,22 @@
/**
* @name Android missing certificate pinning
* @description Network connections that do not use certificate pinning may allow attackers to eavesdrop on communications.
* @kind problem
* @problem.severity warning
* @security-severity 5.9
* @precision medium
* @id java/android/missing-certificate-pinning
* @tags security
* external/cwe/cwe-295
*/
import java
import semmle.code.java.security.AndroidCertificatePinningQuery
from DataFlow::Node node, string domain, string msg
where
missingPinning(node, domain) and
if domain = ""
then msg = "(no explicitly trusted domains)"
else msg = "(" + domain + " is not trusted by a pin)"
select node, "This network call does not implement certificate pinning. " + msg


@@ -0,0 +1,2 @@
// BAD - By default, this network call does not use certificate pinning
URLConnection conn = new URL("https://example.com").openConnection();


@@ -0,0 +1,21 @@
<!-- GOOD: Certificate pinning implemented via a Network Security Config file -->
<!-- In AndroidManifest.xml -->
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app">
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
...
</application>
</manifest>
<!-- In res/xml/NetworkSecurityConfig.xml -->
<network-security-config>
<domain-config>
<domain>good.example.com</domain>
<pin-set expiration="2038/1/19">
<pin digest="SHA-256">...</pin>
</pin-set>
</domain-config>
</network-security-config>


@@ -0,0 +1,26 @@
// GOOD: Certificate pinning implemented via okhttp3.CertificatePinner
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.build();
client.newCall(new Request.Builder().url("https://example.com").build()).execute();
// GOOD: Certificate pinning implemented via a TrustManager
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(resources.openRawResource(R.raw.cert), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
URL url = new URL("http://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
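Review bot: The TrustManager example opens `new URL("http://www.example.com/")` and casts the result to `HttpsURLConnection`. For an `http:` URL, `openConnection()` returns a plain `HttpURLConnection`, so the cast fails at run time and the sample labelled GOOD never makes a pinned TLS connection. Use `URL url = new URL("https://www.example.com/");`. The keystore is also loaded with a `null` password, which skips the store's integrity check. A one-line comment such as `// null password: the store ships inside the app and is not integrity-checked here` would help readers who copy the sample.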


@@ -0,0 +1,4 @@
---
category: newQuery
---
* Added a new query, `java/android/missing-certificate-pinning`, to find network calls where certificate pinning is not implemented.


@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The `AlertSuppression.ql` query has been updated to support the new `// codeql[query-id]` supression comments. These comments can be used to suppress an alert and must be placed on a blank line before the alert. In addition the legacy `// lgtm` and `// lgtm[query-id]` comments can now also be place on the line before an alert.


@@ -12,8 +12,14 @@ edges
| ThreadResourceAbuse.java:71:15:71:17 | parameter this [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number |
| ThreadResourceAbuse.java:74:18:74:25 | this <.field> [waitTime] : Number | ThreadResourceAbuse.java:74:18:74:25 | waitTime |
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | ThreadResourceAbuse.java:144:34:144:42 | delayTime |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:173:37:173:42 | header : String |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | ThreadResourceAbuse.java:176:17:176:26 | retryAfter |
| ThreadResourceAbuse.java:173:37:173:42 | header : String | ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number |
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number |
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | UploadListener.java:28:14:28:19 | parameter this [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | UploadListener.java:15:24:15:44 | sleepMilliseconds : Number |
@@ -42,8 +48,12 @@ nodes
| ThreadResourceAbuse.java:141:27:141:43 | getValue(...) : String | semmle.label | getValue(...) : String |
| ThreadResourceAbuse.java:144:34:144:42 | delayTime | semmle.label | delayTime |
| ThreadResourceAbuse.java:172:19:172:50 | getHeader(...) : String | semmle.label | getHeader(...) : String |
| ThreadResourceAbuse.java:173:20:173:43 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ThreadResourceAbuse.java:173:37:173:42 | header : String | semmle.label | header : String |
| ThreadResourceAbuse.java:176:17:176:26 | retryAfter | semmle.label | retryAfter |
| ThreadResourceAbuse.java:206:28:206:56 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| ThreadResourceAbuse.java:207:22:207:53 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ThreadResourceAbuse.java:207:39:207:52 | uploadDelayStr : String | semmle.label | uploadDelayStr : String |
| ThreadResourceAbuse.java:209:30:209:87 | new UploadListener(...) [slowUploads] : Number | semmle.label | new UploadListener(...) [slowUploads] : Number |
| ThreadResourceAbuse.java:209:49:209:59 | uploadDelay : Number | semmle.label | uploadDelay : Number |
| UploadListener.java:15:24:15:44 | sleepMilliseconds : Number | semmle.label | sleepMilliseconds : Number |


@@ -3,8 +3,12 @@ edges
| NFEAndroidDoS.java:13:24:13:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:14:21:14:51 | parseDouble(...) |
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | NFEAndroidDoS.java:23:32:23:39 | widthStr : Object |
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | NFEAndroidDoS.java:23:15:23:40 | parseInt(...) |
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | NFEAndroidDoS.java:26:33:26:41 | heightStr : Object |
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | NFEAndroidDoS.java:26:16:26:42 | parseInt(...) |
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:44:21:44:43 | new Double(...) |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | NFEAndroidDoS.java:47:21:47:47 | valueOf(...) |
@@ -15,9 +19,11 @@ nodes
| NFEAndroidDoS.java:22:21:22:31 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:22:21:22:55 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:23:15:23:40 | parseInt(...) | semmle.label | parseInt(...) |
| NFEAndroidDoS.java:23:32:23:39 | widthStr : Object | semmle.label | widthStr : Object |
| NFEAndroidDoS.java:25:22:25:32 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:25:22:25:57 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:26:16:26:42 | parseInt(...) | semmle.label | parseInt(...) |
| NFEAndroidDoS.java:26:33:26:41 | heightStr : Object | semmle.label | heightStr : Object |
| NFEAndroidDoS.java:43:24:43:34 | getIntent(...) : Intent | semmle.label | getIntent(...) : Intent |
| NFEAndroidDoS.java:43:24:43:61 | getStringExtra(...) : Object | semmle.label | getStringExtra(...) : Object |
| NFEAndroidDoS.java:44:21:44:43 | new Double(...) | semmle.label | new Double(...) |


@@ -0,0 +1,45 @@
import java.math.BigDecimal;
import java.sql.ResultSet;
public class Test {
void sink(Object o) { }
Object source() { return null; }
public void test() throws Exception {
Exception e1 = new RuntimeException((String)source());
sink((String)e1.getMessage()); // $hasValueFlow
Exception e2 = new RuntimeException((Throwable)source());
sink((Throwable)e2.getCause()); // $hasValueFlow
Exception e3 = new IllegalArgumentException((String)source());
sink((String)e3.getMessage()); // $hasValueFlow
Exception e4 = new IllegalStateException((String)source());
sink((String)e4.getMessage()); // $hasValueFlow
Throwable t = new Throwable((Throwable)source());
sink((Throwable)t.getCause()); // $hasValueFlow
Integer x = (Integer)source();
int y = x;
sink(String.valueOf(y)); // $hasTaintFlow
String s1 = (String)source();
sink(Integer.parseInt(s1)); // $hasTaintFlow
String s2 = (String)source();
int i = 0;
sink(s2.charAt(i)); // $hasTaintFlow
String s3 = (String)source();
sink(new BigDecimal(s3)); // $hasTaintFlow
ResultSet rs = (ResultSet)source();
sink(rs.getString("")); // $hasTaintFlow
}
}


@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest


@@ -0,0 +1,97 @@
/** Provides classes and predicates for working with Top JDK APIs. */
import java
private import semmle.code.java.dataflow.FlowSummary
private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.java.dataflow.ExternalFlow
/** Holds if the given API name is a top JDK API. */
predicate topJdkApiName(string apiName) {
apiName in [
// top 100 JDK APIs
"java.lang.StringBuilder#append(String)", "java.util.List#get(int)",
"java.util.List#add(Object)", "java.util.Map#put(Object,Object)",
"java.lang.String#equals(Object)", "java.util.Map#get(Object)", "java.util.List#size()",
"java.util.Collection#stream()", "java.lang.Object#getClass()",
"java.util.stream.Stream#collect(Collector)", "java.util.Objects#equals(Object,Object)",
"java.lang.String#format(String,Object[])", "java.util.stream.Stream#map(Function)",
"java.lang.Throwable#getMessage()", "java.util.Arrays#asList(Object[])",
"java.lang.String#equalsIgnoreCase(String)", "java.util.List#isEmpty()",
"java.util.Set#add(Object)", "java.util.HashMap#put(Object,Object)",
"java.util.stream.Collectors#toList()", "java.lang.StringBuilder#append(char)",
"java.util.stream.Stream#filter(Predicate)", "java.lang.String#length()",
"java.lang.Enum#name()", "java.lang.Object#toString()", "java.util.Optional#get()",
"java.lang.StringBuilder#toString()",
"java.lang.IllegalArgumentException#IllegalArgumentException(String)",
"java.lang.Class#getName()", "java.lang.Enum#Enum(String,int)",
"java.io.PrintWriter#write(String)", "java.util.Entry#getValue()", "java.util.Entry#getKey()",
"java.util.Iterator#next()", "java.lang.Object#hashCode()",
"java.util.Optional#orElse(Object)", "java.lang.StringBuffer#append(String)",
"java.util.Collections#singletonList(Object)", "java.lang.Iterable#forEach(Consumer)",
"java.util.Optional#of(Object)", "java.lang.String#contains(CharSequence)",
"java.util.ArrayList#add(Object)", "java.util.Optional#ofNullable(Object)",
"java.util.Collections#emptyList()", "java.math.BigDecimal#BigDecimal(String)",
"java.lang.System#currentTimeMillis()", "java.lang.Object#equals(Object)",
"java.util.Map#containsKey(Object)", "java.util.Optional#isPresent()",
"java.lang.String#trim()", "java.util.List#addAll(Collection)",
"java.util.Set#contains(Object)", "java.util.Optional#map(Function)",
"java.util.Map#entrySet()", "java.util.Optional#empty()",
"java.lang.Integer#parseInt(String)", "java.lang.String#startsWith(String)",
"java.lang.IllegalStateException#IllegalStateException(String)",
"java.lang.Enum#equals(Object)", "java.util.Iterator#hasNext()",
"java.util.List#contains(Object)", "java.lang.String#substring(int,int)",
"java.util.List#of(Object)", "java.util.Objects#hash(Object[])",
"java.lang.RuntimeException#RuntimeException(String)", "java.lang.String#isEmpty()",
"java.lang.String#replace(CharSequence,CharSequence)", "java.util.Set#size()",
"java.io.File#File(String)", "java.lang.StringBuilder#append(Object)",
"java.lang.String#split(String)", "java.util.Map#values()", "java.util.UUID#randomUUID()",
"java.util.ArrayList#ArrayList(Collection)", "java.util.Map#keySet()",
"java.sql.ResultSet#getString(String)", "java.lang.String#hashCode()",
"java.lang.Throwable#Throwable(Throwable)", "java.util.HashMap#get(Object)",
"java.lang.Class#getSimpleName()", "java.util.Set#isEmpty()", "java.util.Map#size()",
"java.lang.String#substring(int)", "java.util.Map#remove(Object)",
"java.lang.Throwable#printStackTrace()", "java.util.stream.Stream#findFirst()",
"java.util.Optional#ifPresent(Consumer)", "java.lang.String#valueOf(Object)",
"java.lang.String#toLowerCase()", "java.util.UUID#toString()",
"java.lang.StringBuilder#append(int)", "java.util.Objects#requireNonNull(Object,String)",
"java.nio.file.Path#resolve(String)", "java.lang.Enum#toString()",
"java.lang.RuntimeException#RuntimeException(Throwable)", "java.util.Collection#size()",
"java.lang.String#charAt(int)", "java.util.stream.Stream#forEach(Consumer)",
"java.util.Map#isEmpty()", "java.lang.String#valueOf(int)"
]
}
/** Holds if `c` has the MaD-formatted name `apiName`. */
predicate hasApiName(Callable c, string apiName) {
apiName =
c.getDeclaringType().getPackage() + "." + c.getDeclaringType().getSourceDeclaration() + "#" +
c.getName() + paramsString(c)
}
/** A top JDK API. */
class TopJdkApi extends SummarizedCallableBase {
TopJdkApi() {
exists(string apiName |
hasApiName(this.asCallable(), apiName) and
topJdkApiName(apiName)
)
}
/** Holds if this API has a manual summary model. */
private predicate hasManualSummary() { this.(SummarizedCallable).hasProvenance(false) }
/** Holds if this API has a manual neutral model. */
private predicate hasManualNeutral() {
this.(FlowSummaryImpl::Public::NeutralCallable).hasProvenance(false)
}
/** Holds if this API has a manual MaD model. */
predicate hasManualMadModel() { this.hasManualSummary() or this.hasManualNeutral() }
/*
* Note: the following top-100 APIs are not modeled with MaD:
* java.util.stream.Stream#collect(Collector) : handled separately on a case-by-case basis as it is too complex for MaD
* java.lang.String#valueOf(Object) : also a complex case; an alias for `Object.toString`, except the dispatch is hidden
* java.lang.Throwable#printStackTrace() : should probably not be a general step, but there might be specialised queries that care
*/
}
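Review bot: `hasApiName` appears to drop the enclosing type of a nested class, since it joins the package to the string form of `getDeclaringType().getSourceDeclaration()`; the list accordingly spells the entry accessors `java.util.Entry#getValue()` and `java.util.Entry#getKey()`. Any other nested type named `Entry` in `java.util` would yield the same string, so `TopJdkApi` may match callables that were never meant to be on the list, and a "no manual model" row could then point at the wrong declaration. The doc comment also calls this the MaD-formatted name, while model rows normally write nested types as `Map$Entry`. If `RefType.nestedName()` is usable here, building the name from it and listing `java.util.Map$Entry#getValue()` would keep the two in step.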


@@ -0,0 +1,3 @@
| java.lang.String#valueOf(Object) | no manual model |
| java.lang.Throwable#printStackTrace() | no manual model |
| java.util.stream.Stream#collect(Collector) | no manual model |


@@ -0,0 +1,14 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.Map;
import java.util.HashMap;
import java.math.BigDecimal;
import java.sql.ResultSet;
import java.lang.System;
import java.lang.IllegalStateException;
public class TopJdkApisTest { }
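Review bot: `TopJdkApisTest` is an empty class, and nothing in the file says why the twelve imports are there. If they exist so that the extractor pulls in the JDK types that the accompanying query looks up, a header comment such as `// Imports only force extraction of the JDK types checked by TopJdkApisTest.ql.` would keep them from being removed as unused. `java.lang.System` and `java.lang.IllegalStateException` need that explanation most, because any IDE will flag a `java.lang` import as redundant.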


@@ -0,0 +1,17 @@
import java
import TopJdkApis
from string apiName, string message
where
// top jdk api names for which there is no callable
topJdkApiName(apiName) and
not hasApiName(_, apiName) and
message = "no callable"
or
// top jdk api names for which there isn't a manual model
exists(TopJdkApi topApi |
not topApi.hasManualMadModel() and
hasApiName(topApi.asCallable(), apiName) and
message = "no manual model"
)
select apiName, message order by apiName


@@ -14,6 +14,18 @@ Test.java:
# 21| 3: [Method] test
# 21| 3: [TypeAccess] void
# 21| 5: [BlockStmt] { ... }
# 23| 4: [Method] method1
# 23| 3: [TypeAccess] void
# 23| 5: [BlockStmt] { ... }
# 24| 5: [Method] method2
# 24| 3: [TypeAccess] void
# 24| 5: [BlockStmt] { ... }
# 28| 6: [Method] method3
#-----| 0: (Javadoc)
# 25| 1: [Javadoc] /** JavaDoc for method3 */
# 26| 0: [JavadocText] JavaDoc for method3
# 28| 3: [TypeAccess] void
# 28| 5: [BlockStmt] { ... }
TestWindows.java:
# 0| [CompilationUnit] TestWindows
# 5| 1: [Class] TestWindows


@@ -19,4 +19,11 @@ class Test {
// an end-of-line comment with trailing whitespace
//an end-of-line comment without a leading space
void test() {} // an end-of-line comment with preceding code
void method1() { /**/ } // A block comment containing the /** JavaDoc prefix }
void method2() { }
/**
* JavaDoc for method3
*/
void method3() { }
}
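Review bot: The added cases pin the empty block comment `/**/` in `method1` but leave out its nearest neighbour, `/***/`, which starts with the same `/**` prefix and is the other boundary the comment classifier has to decide. A further line such as `void method4() { /***/ }`, with the matching expected rows, would fix which side of the Javadoc/block split that form lands on. A short comment on `method2` saying it is deliberately left without a comment, if that is its role, would also help; the start of `class Test` lies outside this hunk.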


@@ -8,6 +8,9 @@
| Test.java:19:2:19:59 | // an end-of-line comment with trailing whitespace |
| Test.java:20:2:20:49 | //an end-of-line comment without a leading space |
| Test.java:21:17:21:61 | // an end-of-line comment with preceding code |
| Test.java:23:26:23:29 | /* */ |
| Test.java:23:33:23:86 | // A block comment containing the /** JavaDoc prefix } |
| Test.java:25:9:27:11 | /** JavaDoc for method3 */ |
| TestWindows.java:1:1:4:3 | /** A JavaDoc comment ... */ |
| TestWindows.java:6:2:6:45 | /** A JavaDoc comment with a single line. */ |
| TestWindows.java:8:3:8:27 | // a single-line comment |


@@ -1,58 +1,122 @@
| Test.java:1:15:1:21 | // lgtm | lgtm | lgtm | Test.java:1:1:1:21 | suppression range |
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:2:1:2:35 | suppression range |
| Test.java:2:1:2:35 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:3:0:3:0 | suppression range |
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:3:1:3:70 | suppression range |
| Test.java:3:1:3:70 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | Test.java:4:0:4:0 | suppression range |
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:4:1:4:24 | suppression range |
| Test.java:4:1:4:24 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | Test.java:5:0:5:0 | suppression range |
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:5:1:5:51 | suppression range |
| Test.java:5:1:5:51 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | Test.java:6:0:6:0 | suppression range |
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:6:1:6:28 | suppression range |
| Test.java:6:1:6:28 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | Test.java:7:0:7:0 | suppression range |
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:7:1:7:81 | suppression range |
| Test.java:7:1:7:81 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | Test.java:8:0:8:0 | suppression range |
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:8:1:8:18 | suppression range |
| Test.java:8:1:8:18 | // lgtm: blah blah | lgtm: blah blah | lgtm | Test.java:9:0:9:0 | suppression range |
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:9:1:9:32 | suppression range |
| Test.java:9:1:9:32 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | Test.java:10:0:10:0 | suppression range |
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:10:1:10:36 | suppression range |
| Test.java:10:1:10:36 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | Test.java:11:0:11:0 | suppression range |
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:11:1:11:10 | suppression range |
| Test.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | Test.java:12:0:12:0 | suppression range |
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:12:1:12:9 | suppression range |
| Test.java:12:1:12:9 | // lgtm[] | lgtm[] | lgtm[] | Test.java:13:0:13:0 | suppression range |
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:14:1:14:6 | suppression range |
| Test.java:14:1:14:6 | //lgtm | lgtm | lgtm | Test.java:15:0:15:0 | suppression range |
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:15:1:15:7 | suppression range |
| Test.java:15:1:15:7 | //\tlgtm | \tlgtm | lgtm | Test.java:16:0:16:0 | suppression range |
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:16:1:16:36 | suppression range |
| Test.java:16:1:16:36 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | Test.java:17:0:17:0 | suppression range |
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:19:1:19:12 | suppression range |
| Test.java:19:1:19:12 | // foo; lgtm | foo; lgtm | lgtm | Test.java:20:0:20:0 | suppression range |
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:20:1:20:40 | suppression range |
| Test.java:20:1:20:40 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:21:0:21:0 | suppression range |
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:22:1:22:39 | suppression range |
| Test.java:22:1:22:39 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:23:0:23:0 | suppression range |
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:24:1:24:43 | suppression range |
| Test.java:24:1:24:43 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | Test.java:25:0:25:0 | suppression range |
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:25:1:25:8 | suppression range |
| Test.java:25:1:25:8 | // LGTM! | LGTM! | LGTM | Test.java:26:0:26:0 | suppression range |
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:26:1:26:35 | suppression range |
| Test.java:26:1:26:35 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | Test.java:27:0:27:0 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:27:1:27:78 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | Test.java:28:0:28:0 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:27:1:27:78 | suppression range |
| Test.java:27:1:27:78 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | Test.java:28:0:28:0 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:28:1:28:40 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | Test.java:29:0:29:0 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:28:1:28:40 | suppression range |
| Test.java:28:1:28:40 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | Test.java:29:0:29:0 | suppression range |
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:29:1:29:12 | suppression range |
| Test.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | Test.java:30:0:30:0 | suppression range |
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:30:1:30:38 | suppression range |
| Test.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | Test.java:31:0:31:0 | suppression range |
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:36:1:36:52 | suppression range |
| Test.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | Test.java:37:0:37:0 | suppression range |
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:37:1:37:25 | suppression range |
| Test.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | Test.java:38:0:38:0 | suppression range |
| Test.java:39:1:39:32 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:40:0:40:0 | suppression range |
| Test.java:40:1:40:32 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:41:0:41:0 | suppression range |
| Test.java:41:1:41:69 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | Test.java:42:0:42:0 | suppression range |
| Test.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | Test.java:43:0:43:0 | suppression range |
| TestWindows.java:1:22:1:29 | // lgtm | lgtm | lgtm | TestWindows.java:1:1:1:29 | suppression range |
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:2:1:2:36 | suppression range |
| TestWindows.java:2:1:2:36 | // lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:3:0:3:0 | suppression range |
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:3:1:3:71 | suppression range |
| TestWindows.java:3:1:3:71 | // lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name, java/non-short-circuit-evaluation] | TestWindows.java:4:0:4:0 | suppression range |
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:4:1:4:25 | suppression range |
| TestWindows.java:4:1:4:25 | // lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | lgtm[@tag:exceptions] | TestWindows.java:5:0:5:0 | suppression range |
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:5:1:5:52 | suppression range |
| TestWindows.java:5:1:5:52 | // lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | lgtm[@tag:exceptions,java/confusing-method-name] | TestWindows.java:6:0:6:0 | suppression range |
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:6:1:6:29 | suppression range |
| TestWindows.java:6:1:6:29 | // lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | lgtm[@expires:2017-06-11] | TestWindows.java:7:0:7:0 | suppression range |
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:7:1:7:82 | suppression range |
| TestWindows.java:7:1:7:82 | // lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] does not seem confusing despite alert by lgtm | lgtm[java/confusing-method-name] | TestWindows.java:8:0:8:0 | suppression range |
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:8:1:8:19 | suppression range |
| TestWindows.java:8:1:8:19 | // lgtm: blah blah | lgtm: blah blah | lgtm | TestWindows.java:9:0:9:0 | suppression range |
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:9:1:9:33 | suppression range |
| TestWindows.java:9:1:9:33 | // lgtm blah blah #falsepositive | lgtm blah blah #falsepositive | lgtm | TestWindows.java:10:0:10:0 | suppression range |
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:10:1:10:37 | suppression range |
| TestWindows.java:10:1:10:37 | //lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | lgtm [java/confusing-method-name] | TestWindows.java:11:0:11:0 | suppression range |
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:11:1:11:10 | suppression range |
| TestWindows.java:11:1:11:10 | /* lgtm */ | lgtm | lgtm | TestWindows.java:12:0:12:0 | suppression range |
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:12:1:12:10 | suppression range |
| TestWindows.java:12:1:12:10 | // lgtm[] | lgtm[] | lgtm[] | TestWindows.java:13:0:13:0 | suppression range |
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:14:1:14:7 | suppression range |
| TestWindows.java:14:1:14:7 | //lgtm | lgtm | lgtm | TestWindows.java:15:0:15:0 | suppression range |
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:15:1:15:8 | suppression range |
| TestWindows.java:15:1:15:8 | //\tlgtm | \tlgtm | lgtm | TestWindows.java:16:0:16:0 | suppression range |
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:16:1:16:37 | suppression range |
| TestWindows.java:16:1:16:37 | // lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | lgtm\t[java/confusing-method-name] | TestWindows.java:17:0:17:0 | suppression range |
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:19:1:19:13 | suppression range |
| TestWindows.java:19:1:19:13 | // foo; lgtm | foo; lgtm | lgtm | TestWindows.java:20:0:20:0 | suppression range |
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:20:1:20:41 | suppression range |
| TestWindows.java:20:1:20:41 | // foo; lgtm[java/confusing-method-name] | foo; lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:21:0:21:0 | suppression range |
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:22:1:22:40 | suppression range |
| TestWindows.java:22:1:22:40 | // foo lgtm[java/confusing-method-name] | foo lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:23:0:23:0 | suppression range |
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:24:1:24:44 | suppression range |
| TestWindows.java:24:1:24:44 | // foo lgtm[java/confusing-method-name] bar | foo lgtm[java/confusing-method-name] bar | lgtm[java/confusing-method-name] | TestWindows.java:25:0:25:0 | suppression range |
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:25:1:25:9 | suppression range |
| TestWindows.java:25:1:25:9 | // LGTM! | LGTM! | LGTM | TestWindows.java:26:0:26:0 | suppression range |
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:26:1:26:36 | suppression range |
| TestWindows.java:26:1:26:36 | // LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | LGTM[java/confusing-method-name] | TestWindows.java:27:0:27:0 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:27:1:27:79 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] | TestWindows.java:28:0:28:0 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:27:1:27:79 | suppression range |
| TestWindows.java:27:1:27:79 | //lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/confusing-method-name] and lgtm[java/non-short-circuit-evaluation] | lgtm[java/non-short-circuit-evaluation] | TestWindows.java:28:0:28:0 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:28:1:28:41 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm | TestWindows.java:29:0:29:0 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:28:1:28:41 | suppression range |
| TestWindows.java:28:1:28:41 | //lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name]; lgtm | lgtm[java/confusing-method-name] | TestWindows.java:29:0:29:0 | suppression range |
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:29:1:29:12 | suppression range |
| TestWindows.java:29:1:29:12 | /* lgtm[] */ | lgtm[] | lgtm[] | TestWindows.java:30:0:30:0 | suppression range |
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:30:1:30:38 | suppression range |
| TestWindows.java:30:1:30:38 | /* lgtm[java/confusing-method-name] */ | lgtm[java/confusing-method-name] | lgtm[java/confusing-method-name] | TestWindows.java:31:0:31:0 | suppression range |
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:36:1:36:52 | suppression range |
| TestWindows.java:36:1:36:52 | /* lgtm[@tag:nullness,java/confusing-method-name] */ | lgtm[@tag:nullness,java/confusing-method-name] | lgtm[@tag:nullness,java/confusing-method-name] | TestWindows.java:37:0:37:0 | suppression range |
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:37:1:37:25 | suppression range |
| TestWindows.java:37:1:37:25 | /* lgtm[@tag:nullness] */ | lgtm[@tag:nullness] | lgtm[@tag:nullness] | TestWindows.java:38:0:38:0 | suppression range |
| TestWindows.java:39:1:39:33 | // codeql[js/debugger-statement] | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:40:0:40:0 | suppression range |
| TestWindows.java:40:1:40:33 | // CODEQL[js/debugger-statement] | CODEQL[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:41:0:41:0 | suppression range |
| TestWindows.java:41:1:41:70 | // codeql[js/debugger-statement] -- because I know better than codeql | codeql[js/debugger-statement] -- because I know better than codeql | lgtm[js/debugger-statement] | TestWindows.java:42:0:42:0 | suppression range |
| TestWindows.java:42:1:42:35 | /* codeql[js/debugger-statement] */ | codeql[js/debugger-statement] | lgtm[js/debugger-statement] | TestWindows.java:43:0:43:0 | suppression range |


@@ -1,6 +1,11 @@
| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:21:5 | suppression range |
| TestSuppressWarnings.java:2:1:2:49 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:2:1:38:5 | suppression range |
| TestSuppressWarnings.java:5:5:5:31 | SuppressWarnings | lgtm[] | lgtm[] | TestSuppressWarnings.java:5:5:8:5 | suppression range |
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
| TestSuppressWarnings.java:10:5:10:104 | SuppressWarnings | lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:9:5:13:5 | suppression range |
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
| TestSuppressWarnings.java:18:5:18:98 | SuppressWarnings | lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:18:5:21:5 | suppression range |
| TestSuppressWarnings.java:22:5:22:33 | SuppressWarnings | codeql[] | lgtm[] | TestSuppressWarnings.java:22:5:25:5 | suppression range |
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/confusing-method-name] not confusing | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
| TestSuppressWarnings.java:27:5:27:108 | SuppressWarnings | codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:26:5:30:5 | suppression range |
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/confusing-method-name] | TestSuppressWarnings.java:35:5:38:5 | suppression range |
| TestSuppressWarnings.java:35:5:35:102 | SuppressWarnings | codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override] | lgtm[java/non-sync-override] | TestSuppressWarnings.java:35:5:38:5 | suppression range |


@@ -36,3 +36,11 @@ class Test {} // lgtm
/* lgtm[@tag:nullness,java/confusing-method-name] */
/* lgtm[@tag:nullness] */
/** lgtm[] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class Foo {} // codeql[js/debugger-statement]
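Review bot: The last two added cases, the block comment that closes on the following line and the trailing `// codeql[js/debugger-statement]` after `class Foo {}`, have no rows in the expected output shown for this test, so they look like deliberate negative cases, but nothing in the file says so. Because these comments decide which alerts are silenced, the boundary is worth stating in the file, for example `// The cases below must not be recognised as suppressions.`; the expected file would need regenerating for the shifted line numbers. The same applies to the matching hunk for `TestWindows`. The rule id `js/debugger-statement` in a Java fixture also reads as a leftover from another language's test, and a `java/...` id would be less surprising.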


@@ -4,19 +4,36 @@
class TestSuppressWarnings {
@SuppressWarnings("lgtm[]")
public void test() {
}
@Deprecated
@SuppressWarnings({"lgtm[java/confusing-method-name] not confusing","lgtm[java/non-sync-override]"})
public void test2() {
}
@SuppressWarnings("lgtm")
public void test3() {
}
@SuppressWarnings({"lgtm[java/confusing-method-name] blah blah lgtm[java/non-sync-override]"})
public void test4() {
}
@SuppressWarnings("codeql[]")
public void test5() {
}
@Deprecated
@SuppressWarnings({"codeql[java/confusing-method-name] not confusing","codeql[java/non-sync-override]"})
public void test6() {
}
@SuppressWarnings("lgtm")
public void test7() {
}
@SuppressWarnings({"codeql[java/confusing-method-name] blah blah codeql[java/non-sync-override]"})
public void test8() {
}
}
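Review bot: `test7` repeats `@SuppressWarnings("lgtm")` from `test3`, while `test5`, `test6` and `test8` are `codeql[...]` counterparts of `test1`, `test2` and `test4`. If the intent is to cover the bare-keyword form under the new prefix, the annotation should read `@SuppressWarnings("codeql")`. As written, the bare `codeql` form has no fixture, so a regression that treated it as a blanket suppression would go unnoticed. The rendered section does not mark which lines are added, so this assumes `test5`–`test8` are the new methods.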


@@ -36,3 +36,11 @@ class TestWindows {} // lgtm
/* lgtm[@tag:nullness,java/confusing-method-name] */
/* lgtm[@tag:nullness] */
/** lgtm[] */
// codeql[js/debugger-statement]
// CODEQL[js/debugger-statement]
// codeql[js/debugger-statement] -- because I know better than codeql
/* codeql[js/debugger-statement] */
/* codeql[js/debugger-statement]
*/
class Foo2 {} // codeql[js/debugger-statement]


@@ -13,7 +13,7 @@ class ExternalApiUsage {
Duration d = java.time.Duration.ofMillis(1000); // not supported
long l = "foo".length(); // not interesting
long l = "foo".length(); // supported as a neutral model
AtomicReference<String> ref = new AtomicReference<>(); // not supported
ref.set("foo");


@@ -1,4 +1,3 @@
| java.lang.Class#isAssignableFrom(Class) | 1 |
| java.lang.String#length() | 1 |
| java.time.Duration#ofMillis(long) | 1 |
| java.util.concurrent.atomic.AtomicReference#set(Object) | 1 |


@@ -1,10 +1,14 @@
edges
| Test.java:76:27:76:60 | getProperty(...) : String | Test.java:78:37:78:48 | userProperty : String |
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:80:31:80:34 | size |
| Test.java:78:20:78:56 | parseInt(...) : Number | Test.java:86:34:86:37 | size |
| Test.java:78:37:78:48 | userProperty : String | Test.java:78:37:78:55 | trim(...) : String |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:78:20:78:56 | parseInt(...) : Number |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:80:31:80:34 | size |
| Test.java:78:37:78:55 | trim(...) : String | Test.java:86:34:86:37 | size |
nodes
| Test.java:76:27:76:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:78:20:78:56 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| Test.java:78:37:78:48 | userProperty : String | semmle.label | userProperty : String |
| Test.java:78:37:78:55 | trim(...) : String | semmle.label | trim(...) : String |
| Test.java:80:31:80:34 | size | semmle.label | size |


@@ -1,9 +1,12 @@
edges
| Test.java:14:27:14:60 | getProperty(...) : String | Test.java:16:38:16:49 | userProperty : String |
| Test.java:16:21:16:57 | parseInt(...) : Number | Test.java:19:34:19:38 | index |
| Test.java:16:38:16:49 | userProperty : String | Test.java:16:38:16:56 | trim(...) : String |
| Test.java:16:38:16:56 | trim(...) : String | Test.java:16:21:16:57 | parseInt(...) : Number |
| Test.java:16:38:16:56 | trim(...) : String | Test.java:19:34:19:38 | index |
nodes
| Test.java:14:27:14:60 | getProperty(...) : String | semmle.label | getProperty(...) : String |
| Test.java:16:21:16:57 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| Test.java:16:38:16:49 | userProperty : String | semmle.label | userProperty : String |
| Test.java:16:38:16:56 | trim(...) : String | semmle.label | trim(...) : String |
| Test.java:19:34:19:38 | index | semmle.label | index |


@@ -11,8 +11,19 @@ edges
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | ArithmeticTainted.java:19:26:19:50 | readLine(...) : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | ArithmeticTainted.java:21:29:21:40 | stringNumber : String |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:32:17:32:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:40:17:40:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:50:17:50:20 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:64:20:64:23 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:95:37:95:40 | data |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:118:9:118:12 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:119:10:119:13 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:120:10:120:13 | data : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | ArithmeticTainted.java:121:10:121:13 | data : Number |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | ArithmeticTainted.java:21:29:21:47 | trim(...) : String |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:32:17:32:20 | data |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:40:17:40:20 | data |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | ArithmeticTainted.java:50:17:50:20 | data |
@@ -53,6 +64,8 @@ nodes
| ArithmeticTainted.java:19:26:19:39 | readerBuffered : BufferedReader | semmle.label | readerBuffered : BufferedReader |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
| ArithmeticTainted.java:19:26:19:50 | readLine(...) : String | semmle.label | readLine(...) : String |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ArithmeticTainted.java:21:12:21:48 | parseInt(...) : Number | semmle.label | parseInt(...) : Number |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
| ArithmeticTainted.java:21:29:21:40 | stringNumber : String | semmle.label | stringNumber : String |
| ArithmeticTainted.java:21:29:21:47 | trim(...) : String | semmle.label | trim(...) : String |


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>


@@ -0,0 +1,12 @@
import java.net.URL;
import java.net.URLConnection;
class Test{
URLConnection test1() throws Exception {
return new URL("https://good.example.com").openConnection();
}
URLConnection test2() throws Exception {
return new URL("https://bad.example.com").openConnection(); // $hasUntrustedResult
}
}


@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0


@@ -0,0 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
<domain-config>
<domain>good.example.com</domain>
<pin-set expiration="2038/1/19">
<pin digest="SHA-256">...</pin>
</pin-set>
</domain-config>
</network-security-config>
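Review bot: The `expiration` value `2038/1/19` on `<pin-set>` is not in the `yyyy-MM-dd` form that Android documents for this attribute; `expiration="2038-01-19"` would keep the fixture valid as a real network security config. A second fixture with a past expiration date would also be useful, since an expired pin-set disables pinning and connections to that domain should presumably still be reported. Whether the query reads the attribute at all is not visible here.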


@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.AndroidCertificatePinningQuery
class Test extends InlineExpectationsTest {
Test() { this = "AndroidMissingCertificatePinningTest" }
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
override predicate hasActualResult(Location loc, string el, string tag, string value) {
exists(DataFlow::Node node |
missingPinning(node, _) and
loc = node.getLocation() and
el = node.toString() and
value = "" and
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
)
}
}
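Review bot: The tag choice in `hasActualResult` is not tied to the flagged node, because `if trustedDomain(_)` holds or fails for the whole database, so every result in a test directory gets the same tag. That is easy to misread as a per-connection decision and deserves a comment above the `if`, e.g. `// Tag is database-wide: "hasUntrustedResult" if any domain is pinned, else "hasNoTrustedResult".` The second argument of `missingPinning(node, _)` is also discarded and `value` is fixed to `""`, so the expectations check only that a node is flagged, not what is reported for it. The same file is repeated in the four later test directories on this page, so the comment applies to each copy.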


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>


@@ -0,0 +1,8 @@
import java.net.URL;
import java.net.URLConnection;
class Test{
URLConnection test2() throws Exception {
return new URL("https://example.com").openConnection(); // $hasNoTrustedResult
}
}


@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
</network-security-config>


@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.AndroidCertificatePinningQuery
class Test extends InlineExpectationsTest {
Test() { this = "AndroidMissingCertificatePinningTest" }
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
override predicate hasActualResult(Location loc, string el, string tag, string value) {
exists(DataFlow::Node node |
missingPinning(node, _) and
loc = node.getLocation() and
el = node.toString() and
value = "" and
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
)
}
}


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>


@@ -0,0 +1,17 @@
import okhttp3.OkHttpClient;
import okhttp3.CertificatePinner;
import okhttp3.Request;
class Test{
void test1() throws Exception {
CertificatePinner certificatePinner = new CertificatePinner.Builder()
.add("good.example.com", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
.build();
OkHttpClient client = new OkHttpClient.Builder()
.certificatePinner(certificatePinner)
.build();
client.newCall(new Request.Builder().url("https://good.example.com").build()).execute();
client.newCall(new Request.Builder().url("https://bad.example.com").build()).execute(); // $hasUntrustedResult
}
}


@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0:${testdir}/../../../../../stubs/okhttp-4.9.3


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
</network-security-config>


@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.AndroidCertificatePinningQuery
class Test extends InlineExpectationsTest {
Test() { this = "AndroidMissingCertificatePinningTest" }
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
override predicate hasActualResult(Location loc, string el, string tag, string value) {
exists(DataFlow::Node node |
missingPinning(node, _) and
loc = node.getLocation() and
el = node.toString() and
value = "" and
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
)
}
}


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>


@@ -0,0 +1,7 @@
package com.example;
class R {
static final class raw {
static final int cert = 0;
}
}


@@ -0,0 +1,32 @@
package com.example;
import java.net.URL;
import java.net.URLConnection;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import android.content.res.Resources;
class Test{
void test1(Resources resources) throws Exception {
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(resources.openRawResource(R.raw.cert), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
URL url = new URL("http://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection();
urlConnection.setSSLSocketFactory(sslContext.getSocketFactory());
}
void test2() throws Exception {
URL url = new URL("http://www.example.com/");
HttpsURLConnection urlConnection = (HttpsURLConnection) url.openConnection(); // $hasNoTrustedResult
}
}
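Review bot: Both `test1` and `test2` build `new URL("http://www.example.com/")` and cast the result of `openConnection()` to `HttpsURLConnection`. At run time a cleartext URL yields a plain HTTP connection, so the cast would fail and no TLS handshake, and therefore no pinning, is involved. Using `new URL("https://www.example.com/")` would make the fixture represent the case the query is about. It would also stop the `$hasNoTrustedResult` expectation on `test2` from implying that cleartext URLs are reported as missing pinning. The later Test.java section that calls `setDefaultSSLSocketFactory` uses the same `http://` URLs.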


@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
</network-security-config>


@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.AndroidCertificatePinningQuery
class Test extends InlineExpectationsTest {
Test() { this = "AndroidMissingCertificatePinningTest" }
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
override predicate hasActualResult(Location loc, string el, string tag, string value) {
exists(DataFlow::Node node |
missingPinning(node, _) and
loc = node.getLocation() and
el = node.toString() and
value = "" and
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
)
}
}


@@ -0,0 +1,10 @@
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.example.app"
android:installLocation="auto"
android:versionCode="1"
android:versionName="0.1" >
<application android:networkSecurityConfig="@xml/NetworkSecurityConfig">
</application>
</manifest>


@@ -0,0 +1,7 @@
package com.example;
class R {
static final class raw {
static final int cert = 0;
}
}


@@ -0,0 +1,35 @@
package com.example;
import java.net.URL;
import java.net.URLConnection;
import java.io.InputStream;
import java.security.KeyStore;
import javax.net.ssl.TrustManagerFactory;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import android.content.res.Resources;
class Test{
void init(Resources resources) throws Exception {
KeyStore keyStore = KeyStore.getInstance("BKS");
keyStore.load(resources.openRawResource(R.raw.cert), null);
TrustManagerFactory tmf = TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
tmf.init(keyStore);
SSLContext sslContext = SSLContext.getInstance("TLS");
sslContext.init(null, tmf.getTrustManagers(), null);
HttpsURLConnection.setDefaultSSLSocketFactory(sslContext.getSocketFactory());
}
URLConnection test1() throws Exception {
URL url = new URL("http://www.example.com/");
return url.openConnection();
}
InputStream test2() throws Exception {
URL url = new URL("http://www.example.com/");
return url.openStream();
}
}
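Review bot: `test1` and `test2` carry no expectation although nothing connects them to `init`, so this fixture establishes that one `HttpsURLConnection.setDefaultSSLSocketFactory(...)` call anywhere suppresses every result. A companion case would show whether the suppression depends on the factory actually carrying pinned trust anchors. For example, the default factory could come from an `SSLContext` initialised without a KeyStore-backed `TrustManagerFactory`, as in `sslContext.init(null, null, null)`. The query itself is not visible on this page, so this may already be handled. A short comment above `init` stating that it is intentionally never called from the test methods would also help.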


@@ -0,0 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/google-android-9.0.0


@@ -0,0 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<network-security-config>
</network-security-config>


@@ -0,0 +1,19 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.security.AndroidCertificatePinningQuery
class Test extends InlineExpectationsTest {
Test() { this = "AndroidMissingCertificatePinningTest" }
override string getARelevantTag() { result = ["hasNoTrustedResult", "hasUntrustedResult"] }
override predicate hasActualResult(Location loc, string el, string tag, string value) {
exists(DataFlow::Node node |
missingPinning(node, _) and
loc = node.getLocation() and
el = node.toString() and
value = "" and
if trustedDomain(_) then tag = "hasUntrustedResult" else tag = "hasNoTrustedResult"
)
}
}


@@ -0,0 +1,17 @@
// Generated automatically from javax.net.SocketFactory for testing purposes
package javax.net;
import java.net.InetAddress;
import java.net.Socket;
abstract public class SocketFactory
{
protected SocketFactory(){}
public Socket createSocket(){ return null; }
public abstract Socket createSocket(InetAddress p0, int p1);
public abstract Socket createSocket(InetAddress p0, int p1, InetAddress p2, int p3);
public abstract Socket createSocket(String p0, int p1);
public abstract Socket createSocket(String p0, int p1, InetAddress p2, int p3);
public static SocketFactory getDefault(){ return null; }
}


@@ -0,0 +1,24 @@
// Generated automatically from javax.net.ssl.HandshakeCompletedEvent for testing purposes
package javax.net.ssl;
import java.security.Principal;
import java.security.cert.Certificate;
import java.util.EventObject;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import javax.security.cert.X509Certificate;
public class HandshakeCompletedEvent extends EventObject
{
protected HandshakeCompletedEvent() { super(null); } // manually corrected
public Certificate[] getLocalCertificates(){ return null; }
public Certificate[] getPeerCertificates(){ return null; }
public HandshakeCompletedEvent(SSLSocket p0, SSLSession p1){ super(null); } // manually corrected
public Principal getLocalPrincipal(){ return null; }
public Principal getPeerPrincipal(){ return null; }
public SSLSession getSession(){ return null; }
public SSLSocket getSocket(){ return null; }
public String getCipherSuite(){ return null; }
public X509Certificate[] getPeerCertificateChain(){ return null; }
}


@@ -0,0 +1,11 @@
// Generated automatically from javax.net.ssl.HandshakeCompletedListener for testing purposes
package javax.net.ssl;
import java.util.EventListener;
import javax.net.ssl.HandshakeCompletedEvent;
public interface HandshakeCompletedListener extends EventListener
{
void handshakeCompleted(HandshakeCompletedEvent p0);
}


@@ -0,0 +1,10 @@
// Generated automatically from javax.net.ssl.HostnameVerifier for testing purposes
package javax.net.ssl;
import javax.net.ssl.SSLSession;
public interface HostnameVerifier
{
boolean verify(String p0, SSLSession p1);
}


@@ -0,0 +1,13 @@
// Generated automatically from javax.net.ssl.SNIMatcher for testing purposes
package javax.net.ssl;
import javax.net.ssl.SNIServerName;
abstract public class SNIMatcher
{
protected SNIMatcher() {}
protected SNIMatcher(int p0){}
public abstract boolean matches(SNIServerName p0);
public final int getType(){ return 0; }
}


@@ -0,0 +1,15 @@
// Generated automatically from javax.net.ssl.SNIServerName for testing purposes
package javax.net.ssl;
abstract public class SNIServerName
{
protected SNIServerName() {}
protected SNIServerName(int p0, byte[] p1){}
public String toString(){ return null; }
public boolean equals(Object p0){ return false; }
public final byte[] getEncoded(){ return null; }
public final int getType(){ return 0; }
public int hashCode(){ return 0; }
}


@@ -0,0 +1,36 @@
// Generated automatically from javax.net.ssl.SSLParameters for testing purposes
package javax.net.ssl;
import java.security.AlgorithmConstraints;
import java.util.Collection;
import java.util.List;
import javax.net.ssl.SNIMatcher;
import javax.net.ssl.SNIServerName;
public class SSLParameters
{
public AlgorithmConstraints getAlgorithmConstraints(){ return null; }
public SSLParameters(){}
public SSLParameters(String[] p0){}
public SSLParameters(String[] p0, String[] p1){}
public String getEndpointIdentificationAlgorithm(){ return null; }
public String[] getApplicationProtocols(){ return null; }
public String[] getCipherSuites(){ return null; }
public String[] getProtocols(){ return null; }
public boolean getNeedClientAuth(){ return false; }
public boolean getWantClientAuth(){ return false; }
public final Collection<SNIMatcher> getSNIMatchers(){ return null; }
public final List<SNIServerName> getServerNames(){ return null; }
public final boolean getUseCipherSuitesOrder(){ return false; }
public final void setSNIMatchers(Collection<SNIMatcher> p0){}
public final void setServerNames(List<SNIServerName> p0){}
public final void setUseCipherSuitesOrder(boolean p0){}
public void setAlgorithmConstraints(AlgorithmConstraints p0){}
public void setApplicationProtocols(String[] p0){}
public void setCipherSuites(String[] p0){}
public void setEndpointIdentificationAlgorithm(String p0){}
public void setNeedClientAuth(boolean p0){}
public void setProtocols(String[] p0){}
public void setWantClientAuth(boolean p0){}
}


@@ -0,0 +1,33 @@
// Generated automatically from javax.net.ssl.SSLSession for testing purposes
package javax.net.ssl;
import java.security.Principal;
import java.security.cert.Certificate;
import javax.net.ssl.SSLSessionContext;
import javax.security.cert.X509Certificate;
public interface SSLSession
{
Certificate[] getLocalCertificates();
Certificate[] getPeerCertificates();
Object getValue(String p0);
Principal getLocalPrincipal();
Principal getPeerPrincipal();
SSLSessionContext getSessionContext();
String getCipherSuite();
String getPeerHost();
String getProtocol();
String[] getValueNames();
X509Certificate[] getPeerCertificateChain();
boolean isValid();
byte[] getId();
int getApplicationBufferSize();
int getPacketBufferSize();
int getPeerPort();
long getCreationTime();
long getLastAccessedTime();
void invalidate();
void putValue(String p0, Object p1);
void removeValue(String p0);
}


@@ -0,0 +1,16 @@
// Generated automatically from javax.net.ssl.SSLSessionContext for testing purposes
package javax.net.ssl;
import java.util.Enumeration;
import javax.net.ssl.SSLSession;
public interface SSLSessionContext
{
Enumeration<byte[]> getIds();
SSLSession getSession(byte[] p0);
int getSessionCacheSize();
int getSessionTimeout();
void setSessionCacheSize(int p0);
void setSessionTimeout(int p0);
}


@@ -0,0 +1,45 @@
// Generated automatically from javax.net.ssl.SSLSocket for testing purposes
package javax.net.ssl;
import java.net.InetAddress;
import java.net.Socket;
import java.util.List;
import java.util.function.BiFunction;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
abstract public class SSLSocket extends Socket
{
protected SSLSocket(){}
protected SSLSocket(InetAddress p0, int p1){}
protected SSLSocket(InetAddress p0, int p1, InetAddress p2, int p3){}
protected SSLSocket(String p0, int p1){}
protected SSLSocket(String p0, int p1, InetAddress p2, int p3){}
public BiFunction<SSLSocket, List<String>, String> getHandshakeApplicationProtocolSelector(){ return null; }
public SSLParameters getSSLParameters(){ return null; }
public SSLSession getHandshakeSession(){ return null; }
public String getApplicationProtocol(){ return null; }
public String getHandshakeApplicationProtocol(){ return null; }
public abstract SSLSession getSession();
public abstract String[] getEnabledCipherSuites();
public abstract String[] getEnabledProtocols();
public abstract String[] getSupportedCipherSuites();
public abstract String[] getSupportedProtocols();
public abstract boolean getEnableSessionCreation();
public abstract boolean getNeedClientAuth();
public abstract boolean getUseClientMode();
public abstract boolean getWantClientAuth();
public abstract void addHandshakeCompletedListener(HandshakeCompletedListener p0);
public abstract void removeHandshakeCompletedListener(HandshakeCompletedListener p0);
public abstract void setEnableSessionCreation(boolean p0);
public abstract void setEnabledCipherSuites(String[] p0);
public abstract void setEnabledProtocols(String[] p0);
public abstract void setNeedClientAuth(boolean p0);
public abstract void setUseClientMode(boolean p0);
public abstract void setWantClientAuth(boolean p0);
public abstract void startHandshake();
public void setHandshakeApplicationProtocolSelector(BiFunction<SSLSocket, List<String>, String> p0){}
public void setSSLParameters(SSLParameters p0){}
}


@@ -0,0 +1,17 @@
// Generated automatically from javax.net.ssl.SSLSocketFactory for testing purposes
package javax.net.ssl;
import java.io.InputStream;
import java.net.Socket;
import javax.net.SocketFactory;
abstract public class SSLSocketFactory extends SocketFactory
{
public SSLSocketFactory(){}
public Socket createSocket(Socket p0, InputStream p1, boolean p2){ return null; }
public abstract Socket createSocket(Socket p0, String p1, int p2, boolean p3);
public abstract String[] getDefaultCipherSuites();
public abstract String[] getSupportedCipherSuites();
public static SocketFactory getDefault(){ return null; }
}


@@ -0,0 +1,8 @@
// Generated automatically from javax.net.ssl.TrustManager for testing purposes
package javax.net.ssl;
public interface TrustManager
{
}


@@ -0,0 +1,13 @@
// Generated automatically from javax.net.ssl.X509TrustManager for testing purposes
package javax.net.ssl;
import java.security.cert.X509Certificate;
import javax.net.ssl.TrustManager;
public interface X509TrustManager extends TrustManager
{
X509Certificate[] getAcceptedIssuers();
void checkClientTrusted(X509Certificate[] p0, String p1);
void checkServerTrusted(X509Certificate[] p0, String p1);
}


@@ -0,0 +1,17 @@
// Generated automatically from javax.security.cert.Certificate for testing purposes
package javax.security.cert;
import java.security.PublicKey;
abstract public class Certificate
{
public Certificate(){}
public abstract PublicKey getPublicKey();
public abstract String toString();
public abstract byte[] getEncoded();
public abstract void verify(PublicKey p0);
public abstract void verify(PublicKey p0, String p1);
public boolean equals(Object p0){ return false; }
public int hashCode(){ return 0; }
}


@@ -0,0 +1,27 @@
// Generated automatically from javax.security.cert.X509Certificate for testing purposes
package javax.security.cert;
import java.io.InputStream;
import java.math.BigInteger;
import java.security.Principal;
import java.util.Date;
import javax.security.cert.Certificate;
abstract public class X509Certificate extends Certificate
{
public X509Certificate(){}
public abstract BigInteger getSerialNumber();
public abstract Date getNotAfter();
public abstract Date getNotBefore();
public abstract Principal getIssuerDN();
public abstract Principal getSubjectDN();
public abstract String getSigAlgName();
public abstract String getSigAlgOID();
public abstract byte[] getSigAlgParams();
public abstract int getVersion();
public abstract void checkValidity();
public abstract void checkValidity(Date p0);
public static X509Certificate getInstance(InputStream p0){ return null; }
public static X509Certificate getInstance(byte[] p0){ return null; }
}


@@ -0,0 +1,14 @@
// Generated automatically from kotlin.collections.IntIterator for testing purposes
package kotlin.collections;
import java.util.Iterator;
import kotlin.jvm.internal.markers.KMappedMarker;
abstract public class IntIterator implements Iterator<Integer>, KMappedMarker
{
public IntIterator(){}
public abstract int nextInt();
public final Integer next(){ return null; }
public void remove(){}
}


@@ -0,0 +1,10 @@
// Generated automatically from kotlin.jvm.functions.Function1 for testing purposes
package kotlin.jvm.functions;
import kotlin.Function;
public interface Function1<P1, R> extends Function<R>
{
R invoke(P1 p0);
}


@@ -0,0 +1,12 @@
// Generated automatically from kotlin.ranges.ClosedRange for testing purposes
package kotlin.ranges;
public interface ClosedRange<T extends Comparable<? super T>>
{
T getEndInclusive();
T getStart();
boolean contains(T p0);
boolean isEmpty();
}


@@ -0,0 +1,26 @@
// Generated automatically from kotlin.ranges.IntProgression for testing purposes
package kotlin.ranges;
import kotlin.collections.IntIterator;
import kotlin.jvm.internal.markers.KMappedMarker;
public class IntProgression implements Iterable<Integer>, KMappedMarker
{
protected IntProgression() {}
public IntIterator iterator(){ return null; }
public IntProgression(int p0, int p1, int p2){}
public String toString(){ return null; }
public boolean equals(Object p0){ return false; }
public boolean isEmpty(){ return false; }
public final int getFirst(){ return 0; }
public final int getLast(){ return 0; }
public final int getStep(){ return 0; }
public int hashCode(){ return 0; }
public static IntProgression.Companion Companion = null;
static public class Companion
{
protected Companion() {}
public final IntProgression fromClosedRange(int p0, int p1, int p2){ return null; }
}
}


@@ -0,0 +1,25 @@
// Generated automatically from kotlin.ranges.IntRange for testing purposes
package kotlin.ranges;
import kotlin.ranges.ClosedRange;
import kotlin.ranges.IntProgression;
public class IntRange extends IntProgression implements ClosedRange<Integer>
{
protected IntRange() {}
public IntRange(int p0, int p1){}
public Integer getEndInclusive(){ return null; }
public Integer getStart(){ return null; }
public String toString(){ return null; }
public boolean contains(Integer p0){ return false; } // manually corrected
public boolean equals(Object p0){ return false; }
public boolean isEmpty(){ return false; }
public int hashCode(){ return 0; }
public static IntRange.Companion Companion = null;
static public class Companion
{
protected Companion() {}
public final IntRange getEMPTY(){ return null; }
}
}


@@ -0,0 +1,10 @@
// Generated automatically from kotlin.sequences.Sequence for testing purposes
package kotlin.sequences;
import java.util.Iterator;
public interface Sequence<T>
{
Iterator<T> iterator();
}


@@ -0,0 +1,10 @@
// Generated automatically from kotlin.text.FlagEnum for testing purposes
package kotlin.text;
interface FlagEnum
{
int getMask();
int getValue();
}


@@ -0,0 +1,19 @@
// Generated automatically from kotlin.text.MatchGroup for testing purposes
package kotlin.text;
import kotlin.ranges.IntRange;
public class MatchGroup
{
protected MatchGroup() {}
public MatchGroup(String p0, IntRange p1){}
public String toString(){ return null; }
public boolean equals(Object p0){ return false; }
public final IntRange component2(){ return null; }
public final IntRange getRange(){ return null; }
public final MatchGroup copy(String p0, IntRange p1){ return null; }
public final String component1(){ return null; }
public final String getValue(){ return null; }
public int hashCode(){ return 0; }
}
