Merge branch 'main' into amammad-java-bombs

Owen Mansel-Chan
2024-07-18 21:28:23 +01:00
committed by GitHub
2888 changed files with 121408 additions and 94224 deletions


@@ -56,7 +56,7 @@ freemarker.template,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,
groovy.lang,26,,,,,,,,,,,,,26,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.text,1,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
groovy.util,5,,,,,,,,,,,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
hudson,74,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,55,,,,,,,,,6,,,,,,,,,,,,,5,4,2572,76
hudson,75,9,2648,,4,,,,,,3,2,,,,4,,,,,,,,,,,56,,,,,,,,,6,,,,,,,,,,,,,5,4,2572,76
io.jsonwebtoken,,2,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,4,
io.netty.bootstrap,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,,,,,,,,,,,,,,,,
io.netty.buffer,,,207,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,130,77
@@ -66,8 +66,9 @@ io.netty.handler.ssl,4,,,,,,,,,,,,,,,,,,,,,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.handler.stream,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
io.netty.resolver,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
io.netty.util,2,,23,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,21,2
io.undertow.server.handlers.resource,1,,3,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,3,
jakarta.activation,2,,2,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,2,
jakarta.faces.context,2,7,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,7,,
jakarta.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
jakarta.persistence,2,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,,,,,1,
jakarta.servlet,2,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,
@@ -78,8 +79,8 @@ jakarta.xml.bind.attachment,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,2,
java.applet,,,14,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,
java.awt,1,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,2,3
java.beans,,,193,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,193,
java.io,51,1,256,,,,,,,,,22,,,,,,,,,,,,,,,29,,,,,,,,,,,,,,,,,,,,,,1,,249,7
java.lang,38,3,759,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,3,,,681,78
java.io,66,1,256,,,,,,,,,22,,,,,,,,,,,,,,,44,,,,,,,,,,,,,,,,,,,,,,1,,249,7
java.lang,38,3,756,,13,,,,,,1,,,,,,,,,,,,8,,,,11,,,4,,,1,,,,,,,,,,,,,,,3,,,681,75
java.math,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9
java.net,23,3,278,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,21,,,,,,,,,,,,,,3,274,4
java.nio,44,,361,,,,,,,,,5,,,,,,,,,,,,,,,38,,,,,,,,,1,,,,,,,,,,,,,,,259,102
@@ -87,14 +88,14 @@ java.rmi,,,71,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,71,
java.security,21,,543,,,11,10,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,539,4
java.sql,15,1,303,,,,1,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,,9,,,,,,,,,1,,,,303,
java.text,,,134,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,134,
java.time,,,476,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,388,88
java.time,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,35,88
java.util,47,2,1218,,,,,,,,,1,,,,,,,,,,,34,,,,2,,,,5,2,,1,2,,,,,,,,,,,,,2,,,704,514
javafx.scene.web,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
javax.accessibility,,,31,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,31,
javax.activation,2,,7,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,1,,,,,,,,,,,,,,,7,
javax.annotation.processing,,,9,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,
javax.crypto,19,,128,,,12,3,,2,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,128,
javax.faces.context,2,7,,,,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.faces.context,4,7,,,,,,,,,,,,,,2,,,,,,,,,,,2,,,,,,,,,,,,,,,,,,,,,,,7,,
javax.imageio,1,,261,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,261,
javax.jms,,9,57,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,9,57,
javax.json,,,123,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,100,23
@@ -111,7 +112,7 @@ javax.script,1,,42,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,42,
javax.security.auth,7,,137,,,4,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,137,
javax.security.cert,,,5,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,5,
javax.security.sasl,,,28,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,28,
javax.servlet,9,22,3,,,,,,,,,,,,,,1,,,,,,,,,,1,,,,,,,,,,3,,,2,2,,,,,,,,,22,3,
javax.servlet,10,22,3,,,,,,,,,,,,,,1,,,,,,,,,,2,,,,,,,,,,3,,,2,2,,,,,,,,,22,3,
javax.smartcardio,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,30,
javax.sound.midi,,,29,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,29,
javax.sound.sampled,,,66,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,66,
@@ -150,7 +151,7 @@ org.apache.commons.collections4,,,800,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.compress.archivers.tar,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,4,
org.apache.commons.exec,10,,,,6,,,,,,4,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.httpclient.util,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,
org.apache.commons.io,118,,562,,,,,,,,,4,,,,,,,,,,,,,,,99,,,,,,,,,15,,,,,,,,,,,,,,,548,14
org.apache.commons.io,124,,570,,,,,,,,,4,,,,,,,,,,,,,,,105,,,,,,,,,15,,,,,,,,,,,,,,,556,14
org.apache.commons.jelly,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,
org.apache.commons.jexl2,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,,,,,,,,,,,,15,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
@@ -210,6 +211,7 @@ org.gradle.api.file,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.hibernate,7,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,7,,,,,,,,,,,,,,
org.influxdb,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.jboss.logging,324,,,,,,,,,,,,,,,,,,,,,,324,,,,,,,,,,,,,,,,,,,,,,,,,,,,,
org.jboss.vfs,1,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,,,,,,,,,,
org.jdbi.v3.core,6,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,6,,,,,,,,,,,,,,,,
org.jenkins.ui.icon,,,49,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,48,1
org.jenkins.ui.symbol,,,33,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,25,8
@@ -228,7 +230,7 @@ org.springframework.beans,,,30,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3
org.springframework.boot.jdbc,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1,,,,,,,,,,,,,,,,
org.springframework.cache,,,13,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,13
org.springframework.context,,,3,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,3,
org.springframework.core.io,3,,,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,,,
org.springframework.core.io,3,,5,,,,,,,,,,,,,,,,,,,,,,,,2,,,,,,,,,1,,,,,,,,,,,,,,,5,
org.springframework.data.repository,,,1,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,1
org.springframework.http,14,,77,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,14,,,,,,,,,,,,,,,67,10
org.springframework.jdbc.core,19,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,,19,,,,,,,,,,,,,,
1 package sink source summary sink:bean-validation sink:command-injection sink:credentials-key sink:credentials-password sink:credentials-username sink:encryption-iv sink:encryption-salt sink:environment-injection sink:file-content-store sink:fragment-injection sink:groovy-injection sink:hostname-verification sink:html-injection sink:information-leak sink:intent-redirection sink:jexl-injection sink:jndi-injection sink:js-injection sink:ldap-injection sink:log-injection sink:mvel-injection sink:notification sink:ognl-injection sink:path-injection sink:pending-intents sink:regex-use sink:regex-use[-1] sink:regex-use[0] sink:regex-use[] sink:regex-use[f-1] sink:regex-use[f1] sink:regex-use[f] sink:request-forgery sink:response-splitting sink:sql-injection sink:template-injection sink:trust-boundary-violation sink:url-forward sink:url-redirection sink:xpath-injection sink:xslt-injection source:android-external-storage-dir source:contentprovider source:database source:environment source:file source:remote summary:taint summary:value
56 groovy.lang 26 26
57 groovy.text 1 1
58 groovy.util 5 5
59 hudson 74 75 9 2648 4 3 2 4 55 56 6 5 4 2572 76
60 io.jsonwebtoken 2 4 2 4
61 io.netty.bootstrap 3 3
62 io.netty.buffer 207 130 77
66 io.netty.handler.stream 1 1
67 io.netty.resolver 1 1
68 io.netty.util 2 23 1 1 21 2
69 io.undertow.server.handlers.resource 1 3 1 3
70 jakarta.activation 2 2 1 1 2
71 jakarta.faces.context 2 4 7 2 2 7
72 jakarta.json 123 100 23
73 jakarta.persistence 2 1 2 1
74 jakarta.servlet 2 1 2 1
79 java.applet 14 14
80 java.awt 1 5 1 2 3
81 java.beans 193 193
82 java.io 51 66 1 256 22 29 44 1 249 7
83 java.lang 38 3 759 756 13 1 8 11 4 1 3 681 78 75
84 java.math 9 9
85 java.net 23 3 278 1 1 21 3 274 4
86 java.nio 44 361 5 38 1 259 102
88 java.security 21 543 11 10 539 4
89 java.sql 15 1 303 1 1 4 9 1 303
90 java.text 134 134
91 java.time 476 123 388 35 88
92 java.util 47 2 1218 1 34 2 5 2 1 2 2 704 514
93 javafx.scene.web 1 1
94 javax.accessibility 31 31
95 javax.activation 2 7 1 1 7
96 javax.annotation.processing 9 9
97 javax.crypto 19 128 12 3 2 2 128
98 javax.faces.context 2 4 7 2 2 7
99 javax.imageio 1 261 1 261
100 javax.jms 9 57 9 57
101 javax.json 123 100 23
112 javax.security.auth 7 137 4 3 137
113 javax.security.cert 5 5
114 javax.security.sasl 28 28
115 javax.servlet 9 10 22 3 1 1 2 3 2 2 22 3
116 javax.smartcardio 30 30
117 javax.sound.midi 29 29
118 javax.sound.sampled 66 66
151 org.apache.commons.compress.archivers.tar 4 4
152 org.apache.commons.exec 10 6 4
153 org.apache.commons.httpclient.util 1 1
154 org.apache.commons.io 118 124 562 570 4 99 105 15 548 556 14
155 org.apache.commons.jelly 6 6
156 org.apache.commons.jexl2 15 15
157 org.apache.commons.jexl3 15 15
211 org.hibernate 7 7
212 org.influxdb 1 1
213 org.jboss.logging 324 324
214 org.jboss.vfs 1 1
215 org.jdbi.v3.core 6 6
216 org.jenkins.ui.icon 49 48 1
217 org.jenkins.ui.symbol 33 25 8
230 org.springframework.boot.jdbc 1 1
231 org.springframework.cache 13 13
232 org.springframework.context 3 3
233 org.springframework.core.io 3 5 2 1 5
234 org.springframework.data.repository 1 1
235 org.springframework.http 14 77 14 67 10
236 org.springframework.jdbc.core 19 19


@@ -10,7 +10,7 @@ Java framework & library support
Android,``android.*``,52,481,181,1,3,67,,,
Android extensions,``androidx.*``,5,183,60,,,,,,
`Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,1600,,,,,,,
`Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,562,118,99,,,,,15
`Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,570,124,105,,,,,15
`Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,425,6,,,,,,
`Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,
`Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,183,122,,3,,,,119
@@ -18,10 +18,10 @@ Java framework & library support
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,730,43,9,,,,,
JBoss Logging,``org.jboss.logging``,,,324,,,,,,
`JSON-java <https://github.com/stleary/JSON-java>`_,``org.json``,,236,,,,,,,
Java Standard Library,``java.*``,10,4620,240,80,,9,,,26
Java extensions,"``javax.*``, ``jakarta.*``",69,3257,85,5,4,2,1,1,4
Java Standard Library,``java.*``,10,4264,255,95,,9,,,26
Java extensions,"``javax.*``, ``jakarta.*``",69,3257,90,10,4,2,1,1,4
Kotlin Standard Library,``kotlin*``,,1849,16,14,,,,,2
`Spring <https://spring.io/>`_,``org.springframework.*``,38,481,122,5,,28,14,,35
Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, ``org.apache.cxf.common.logging``, 
``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.w3c.dom``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``sun.awt``, ``sun.jvmstat.perfdata.monitor.protocol.local``, ``sun.jvmstat.perfdata.monitor.protocol.rmi``, 
``sun.management.spi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.nio.ch``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``, ``sun.util.logging.internal``",131,10596,893,125,6,22,18,,208
Totals,,310,25483,2569,338,16,128,33,1,409
`Spring <https://spring.io/>`_,``org.springframework.*``,38,486,122,5,,28,14,,35
Others,"``actions.osgi``, ``antlr``, ``ch.ethz.ssh2``, ``cn.hutool.core.codec``, ``com.alibaba.druid.sql``, ``com.alibaba.fastjson2``, ``com.amazonaws.auth``, ``com.auth0.jwt.algorithms``, ``com.azure.identity``, ``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.core``, ``com.fasterxml.jackson.databind``, ``com.google.gson``, ``com.hubspot.jinjava``, ``com.jcraft.jsch``, ``com.microsoft.sqlserver.jdbc``, ``com.mitchellbosecke.pebble``, ``com.mongodb``, ``com.opensymphony.xwork2``, ``com.rabbitmq.client``, ``com.sshtools.j2ssh.authentication``, ``com.sun.crypto.provider``, ``com.sun.jndi.ldap``, ``com.sun.net.httpserver``, ``com.sun.net.ssl``, ``com.sun.rowset``, ``com.sun.security.auth.module``, ``com.sun.security.ntlm``, ``com.sun.security.sasl.digest``, ``com.thoughtworks.xstream``, ``com.trilead.ssh2``, ``com.unboundid.ldap.sdk``, ``com.zaxxer.hikari``, ``flexjson``, ``freemarker.cache``, ``freemarker.template``, ``groovy.lang``, ``groovy.text``, ``groovy.util``, ``hudson``, ``io.jsonwebtoken``, ``io.netty.bootstrap``, ``io.netty.buffer``, ``io.netty.channel``, ``io.netty.handler.codec``, ``io.netty.handler.ssl``, ``io.netty.handler.stream``, ``io.netty.resolver``, ``io.netty.util``, ``io.undertow.server.handlers.resource``, ``javafx.scene.web``, ``jenkins``, ``jodd.json``, ``liquibase.database.jvm``, ``liquibase.statement.core``, ``net.schmizz.sshj``, ``net.sf.json``, ``net.sf.saxon.s9api``, ``ognl``, ``okhttp3``, ``org.acegisecurity``, ``org.antlr.runtime``, ``org.apache.commons.codec``, ``org.apache.commons.compress.archivers.tar``, ``org.apache.commons.exec``, ``org.apache.commons.httpclient.util``, ``org.apache.commons.jelly``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.commons.lang``, ``org.apache.commons.logging``, ``org.apache.commons.net``, ``org.apache.commons.ognl``, ``org.apache.cxf.catalog``, ``org.apache.cxf.common.classloader``, ``org.apache.cxf.common.jaxb``, 
``org.apache.cxf.common.logging``, ``org.apache.cxf.configuration.jsse``, ``org.apache.cxf.helpers``, ``org.apache.cxf.resource``, ``org.apache.cxf.staxutils``, ``org.apache.cxf.tools.corba.utils``, ``org.apache.cxf.tools.util``, ``org.apache.cxf.transform``, ``org.apache.directory.ldap.client.api``, ``org.apache.hadoop.fs``, ``org.apache.hadoop.hive.metastore``, ``org.apache.hadoop.hive.ql.exec``, ``org.apache.hadoop.hive.ql.metadata``, ``org.apache.hc.client5.http.async.methods``, ``org.apache.hc.client5.http.classic.methods``, ``org.apache.hc.client5.http.fluent``, ``org.apache.hive.hcatalog.templeton``, ``org.apache.ibatis.jdbc``, ``org.apache.ibatis.mapping``, ``org.apache.log4j``, ``org.apache.shiro.codec``, ``org.apache.shiro.jndi``, ``org.apache.shiro.mgt``, ``org.apache.sshd.client.session``, ``org.apache.struts.beanvalidation.validation.interceptor``, ``org.apache.struts2``, ``org.apache.tools.ant``, ``org.apache.tools.zip``, ``org.apache.velocity.app``, ``org.apache.velocity.runtime``, ``org.codehaus.cargo.container.installer``, ``org.codehaus.groovy.control``, ``org.dom4j``, ``org.eclipse.jetty.client``, ``org.fusesource.leveldbjni``, ``org.geogebra.web.full.main``, ``org.gradle.api.file``, ``org.hibernate``, ``org.influxdb``, ``org.jboss.vfs``, ``org.jdbi.v3.core``, ``org.jenkins.ui.icon``, ``org.jenkins.ui.symbol``, ``org.jooq``, ``org.keycloak.models.map.storage``, ``org.kohsuke.stapler``, ``org.mvel2``, ``org.openjdk.jmh.runner.options``, ``org.owasp.esapi``, ``org.pac4j.jwt.config.encryption``, ``org.pac4j.jwt.config.signature``, ``org.scijava.log``, ``org.slf4j``, ``org.thymeleaf``, ``org.w3c.dom``, ``org.xml.sax``, ``org.xmlpull.v1``, ``org.yaml.snakeyaml``, ``play.libs.ws``, ``play.mvc``, ``ratpack.core.form``, ``ratpack.core.handling``, ``ratpack.core.http``, ``ratpack.exec``, ``ratpack.form``, ``ratpack.func``, ``ratpack.handling``, ``ratpack.http``, ``ratpack.util``, ``retrofit2``, ``sun.awt``, ``sun.jvmstat.perfdata.monitor.protocol.local``, 
``sun.jvmstat.perfdata.monitor.protocol.rmi``, ``sun.management.spi``, ``sun.misc``, ``sun.net.ftp``, ``sun.net.www.protocol.http``, ``sun.nio.ch``, ``sun.security.acl``, ``sun.security.jgss.krb5``, ``sun.security.krb5``, ``sun.security.pkcs``, ``sun.security.pkcs11``, ``sun.security.provider``, ``sun.security.ssl``, ``sun.security.x509``, ``sun.tools.jconsole``, ``sun.util.logging.internal``",131,10599,896,128,6,22,18,,208
Totals,,310,25143,2598,367,16,128,33,1,409


@@ -0,0 +1,12 @@
load("@rules_pkg//:mappings.bzl", "pkg_files", "strip_prefix")
pkg_files(
name = "downgrades",
srcs = glob(
["**"],
exclude = ["BUILD.bazel"],
),
prefix = "downgrades",
strip_prefix = strip_prefix.from_pkg(),
visibility = ["//visibility:public"],
)


@@ -0,0 +1,42 @@
import os.path
import sys
import tempfile
def actions_expose_all_toolchains():
# On actions, expose all usable toolchains so that we can test version-selection logic.
toolchains_dir = tempfile.mkdtemp(prefix="integration-tests-toolchains-")
toolchains_file = os.path.join(toolchains_dir, "toolchains.xml")
def none_or_blank(s):
return s is None or s == ""
with open(toolchains_file, "w") as f:
f.write('<?xml version="1.0" encoding="UTF-8"?>\n<toolchains>\n')
for v in [8, 11, 17, 21]:
homedir = os.getenv("JAVA_HOME_%d_X64" % v)
if none_or_blank(homedir):
homedir = os.getenv("JAVA_HOME_%d_arm64" % v)
if none_or_blank(homedir) and v == 8 and not none_or_blank(os.getenv("JAVA_HOME_11_arm64")):
print("Mocking a toolchain entry using Java 11 install as a fake Java 8 entry, so this test behaves the same on x64 and arm64 runners", file = sys.stderr)
homedir = os.getenv("JAVA_HOME_11_arm64")
if homedir is not None and homedir != "":
f.write("""
<toolchain>
<type>jdk</type>
<provides>
<version>%d</version>
<vendor>oracle</vendor>
</provides>
<configuration>
<jdkHome>%s</jdkHome>
</configuration>
</toolchain>
""" % (v, homedir))
f.write("</toolchains>")
return toolchains_file
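Review bot: The value read from the `JAVA_HOME_*` environment variables is written into `<jdkHome>%s</jdkHome>` without XML escaping, so a JDK path containing `&` or `<` would yield a malformed toolchains.xml and a confusing failure later in the test. Passing it through `xml.sax.saxutils.escape(homedir)` before formatting keeps the file well-formed for any path. The last guard, `if homedir is not None and homedir != "":`, repeats what the local helper already expresses and could read `if not none_or_blank(homedir):`. The directory from `tempfile.mkdtemp` is not removed anywhere in the visible code, so a docstring such as `"""Write a Maven toolchains.xml into a fresh temp dir and return its path; the caller is responsible for deleting the directory."""` would make the ownership explicit.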


@@ -0,0 +1,204 @@
"""
# Usage overview
Building the extractor can be done with bazel. If building from the internal repository, it is recommended to use
`tools/bazel` from there.
A specific kotlin extractor variant can be built with
```
bazel build @codeql//java/kotlin-extractor:codeql-extractor-kotlin-<variant>-<version>
```
where `<variant>` is either `standalone` or `embeddable`, and `<version>` is one of the supported versions.
```
bazel build @codeql//java/kotlin-extractor
```
will build a default variant:
* standalone, unless `CODEQL_KOTLIN_SINGLE_VERSION_EMBEDDABLE` is set to true, in which case it will go for embeddable
* the version will be taken as the last supported version less than the version of the currently available `kotlinc`,
or `CODEQL_KOTLIN_SINGLE_VERSION` if set.
If building from the `codeql` repository, `@codeql` can be skipped.
It is recommended to use the `kotlinc` wrapper in `dev` (which is also available in `tools` from `semmle-code`), which
takes care about providing a sensible default version and keep the version of the default target up to date.
If the wrapper is not used and `kotlinc` is updated, bazel won't be aware of it and will therefore keep the same default
version. Possible workarounds for that:
* switch to using the `kotlinc` wrapper in `dev` as mentioned above
* `bazel clean`
* `bazel fetch --force @codeql//java/kotlin-extractor`
* `bazel fetch --force @codeql_kotlin_defaults//:all` (only from `codeql`)
"""
# This file is used in the `@codeql_kotlin_embeddable` external repo, which means we need to
# reference explicitly @codeql
load(
"@codeql//java/kotlin-extractor:versions.bzl",
"VERSIONS",
"get_compatilibity_sources",
"get_language_version",
"version_less",
)
load("@rules_kotlin//kotlin:core.bzl", "kt_javac_options", "kt_kotlinc_options")
load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_library")
package(default_visibility = ["//java/kotlin-extractor:__subpackages__"])
_for_embeddable = repo_name().endswith("codeql_kotlin_embeddable")
_common_extractor_name_prefix = "codeql-extractor-kotlin"
_extractor_name_prefix = "%s-%s" % (
_common_extractor_name_prefix,
"embeddable" if _for_embeddable else "standalone",
)
py_binary(
name = "generate_dbscheme",
srcs = ["generate_dbscheme.py"],
)
_resources = [
(
r,
r[len("src/main/resources/"):],
)
for r in glob(["src/main/resources/**"])
]
kt_javac_options(
name = "javac-options",
release = "8",
)
[
(
kt_kotlinc_options(
name = "kotlinc-options-%s" % v,
include_stdlibs = "none",
jvm_target = "1.8",
language_version = get_language_version(v),
warn = "error",
x_optin = [
"kotlin.RequiresOptIn",
"org.jetbrains.kotlin.ir.symbols.%s" %
("IrSymbolInternals" if version_less(v, "2.0.0") else "UnsafeDuringIrConstructionAPI"),
],
x_suppress_version_warnings = True,
),
# * extractor.name is different for each version, so we need to put it in different output dirs
# * in order to put it in `resources`, we need to define `resource_strip_prefix` to strip this version
# * `resource_strip_prefix` is unique per jar, so we must also put other resources under the same version prefix
genrule(
name = "resources-%s" % v,
srcs = [src for src, _ in _resources],
outs = [
"%s/com/github/codeql/extractor.name" % v,
] + [
"%s/%s" % (v, target)
for _, target in _resources
],
cmd = "\n".join([
"echo %s-%s > $(RULEDIR)/%s/com/github/codeql/extractor.name" % (_extractor_name_prefix, v, v),
] + [
"cp $(execpath %s) $(RULEDIR)/%s/%s" % (source, v, target)
for source, target in _resources
]),
),
kt_jvm_library(
name = "%s-%s" % (_extractor_name_prefix, v),
srcs =
["@codeql//java/kotlin-extractor:generated-dbscheme"] +
glob(
[
"src/**/*.kt",
"src/**/*.java",
],
exclude = [
# a specific version is included back by `get_compatibility_sources`
"src/main/kotlin/utils/versions/**",
# this appears if `generated_dbscheme.py` is run manually, while we want the one built by bazel
"src/main/kotlin/KotlinExtractorDbScheme.kt",
],
) + get_compatilibity_sources(v, "src/main/kotlin/utils/versions"),
javac_opts = ":javac-options",
kotlinc_opts = ":kotlinc-options-%s" % v,
module_name = "codeql-kotlin-extractor",
# resource_strip_prefix is very nit-picky: the following makes it work from
# `codeql`, `@codeql_kotlin_embeddable` and `semmle-code`
resource_strip_prefix = (
("../%s/" % repo_name() if repo_name() else "") +
("%s/" % package_name() if package_name() else "") +
v
),
resources = [
":resources-%s" % v,
],
visibility = ["//visibility:public"],
deps = [
"@kotlin-compiler%s-%s" % (
"-embeddable" if _for_embeddable else "",
v,
),
"@kotlin-stdlib-%s" % v,
],
),
# if in main repository, alias the embeddable versions from the modified @codeql_kotlin_embeddable repo
alias(
name = "%s-embeddable-%s" % (_common_extractor_name_prefix, v),
actual = "@codeql_kotlin_embeddable//:%s-embeddable-%s" % (_common_extractor_name_prefix, v),
visibility = ["//visibility:public"],
) if not _for_embeddable else None,
)
for v in VERSIONS
]
(
genrule(
name = "generated-dbscheme",
srcs = ["@codeql//java:dbscheme"],
outs = ["KotlinExtractorDbScheme.kt"],
cmd = "$(execpath :generate_dbscheme) $< $@",
tools = [":generate_dbscheme"],
visibility = ["@codeql_kotlin_embeddable//:__pkg__"],
),
[
alias(
name = n,
actual = "//java/kotlin-extractor/defaults:%s" % n,
visibility = ["//visibility:public"],
)
for n in (
"%s-standalone" % _common_extractor_name_prefix,
"%s-embeddable" % _common_extractor_name_prefix,
_common_extractor_name_prefix,
)
],
alias(
name = "kotlin-extractor",
actual = _common_extractor_name_prefix,
visibility = ["//visibility:public"],
),
filegroup(
name = "many",
srcs = ["%s-%s-%s" % (
_common_extractor_name_prefix,
variant,
version,
) for variant in ("standalone", "embeddable") for version in VERSIONS],
visibility = ["//visibility:public"],
),
genrule(
name = "versions-list",
outs = ["kotlin-versions.list"],
cmd = "\n".join(["cat > $@ << EOF"] + VERSIONS + ["EOF"]),
),
# these are packed in the extractor pack for running QL tests
filegroup(
name = "version-picker",
srcs = [
"pick-kotlin-version.py",
":versions-list",
],
visibility = ["//visibility:public"],
),
) if not _for_embeddable else None
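Review bot: The `resources-%s` genrule assembles its shell script by pasting glob results into `"cp $(execpath %s) $(RULEDIR)/%s/%s"` unquoted, so a file under `src/main/resources/` whose name contains a space or a shell metacharacter would be word-split or interpreted by the shell instead of copied. Quoting both operands, `"cp '$(execpath %s)' '$(RULEDIR)/%s/%s'" % (source, v, target)`, keeps the command bound to the file name. The `versions-list` genrule has the same shape with an unquoted heredoc (`cat > $@ << EOF`); writing `<< 'EOF'` would stop the shell from expanding anything that appears in `VERSIONS`. Separately, the exclude comment refers to `generated_dbscheme.py` while the `py_binary` source is `generate_dbscheme.py`, and to `get_compatibility_sources` while the loaded symbol is spelled `get_compatilibity_sources`; the comments should match the names actually used.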


@@ -1,241 +0,0 @@
#!/usr/bin/env python3
import argparse
import kotlin_plugin_versions
import glob
import platform
import re
import subprocess
import shutil
import os
import os.path
import sys
import shlex
def parse_args():
parser = argparse.ArgumentParser()
parser.add_argument('--dependencies', default='../../../resources/kotlin-dependencies',
help='Folder containing the dependencies')
parser.add_argument('--many', action='store_true',
help='Build for all versions/kinds')
parser.add_argument('--single', action='store_false',
dest='many', help='Build for a single version/kind')
parser.add_argument('--single-version',
help='Build for a specific version/kind')
parser.add_argument('--single-version-embeddable', action='store_true',
help='When building a single version, build an embeddable extractor (default is standalone)')
return parser.parse_args()
args = parse_args()
def is_windows():
'''Whether we appear to be running on Windows'''
if platform.system() == 'Windows':
return True
if platform.system().startswith('CYGWIN'):
return True
return False
# kotlinc might be kotlinc.bat or kotlinc.cmd on Windows, so we use `which` to find out what it is
kotlinc = shutil.which('kotlinc')
if kotlinc is None:
print("Cannot build the Kotlin extractor: no kotlinc found on your PATH", file=sys.stderr)
sys.exit(1)
javac = 'javac'
kotlin_dependency_folder = args.dependencies
def quote_for_batch(arg):
if ';' in arg or '=' in arg:
if '"' in arg:
raise Exception('Need to quote something containing a quote')
return '"' + arg + '"'
else:
return arg
def run_process(cmd, capture_output=False):
print("Running command: " + shlex.join(cmd))
if is_windows():
cmd = ' '.join(map(quote_for_batch, cmd))
print("Converted to Windows command: " + cmd)
try:
if capture_output:
return subprocess.run(cmd, check=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
else:
return subprocess.run(cmd, check=True)
except subprocess.CalledProcessError as e:
print("In: " + os.getcwd(), file=sys.stderr)
shell_cmd = cmd if is_windows() else shlex.join(cmd)
print("Command failed: " + shell_cmd, file=sys.stderr)
if capture_output:
print("stdout output:\n" + e.stdout.decode(encoding='UTF-8',
errors='replace'), file=sys.stderr)
print("stderr output:\n" + e.stderr.decode(encoding='UTF-8',
errors='replace'), file=sys.stderr)
raise e
def write_arg_file(arg_file, args):
with open(arg_file, 'w') as f:
for arg in args:
if "'" in arg:
raise Exception('Single quote in argument: ' + arg)
f.write("'" + arg.replace('\\', '/') + "'\n")
def compile_to_dir(build_dir, srcs, version, classpath, java_classpath, output):
# Use kotlinc to compile .kt files:
kotlin_arg_file = build_dir + '/kotlin.args'
opt_in_args = ['-opt-in=kotlin.RequiresOptIn']
if version.lessThan(kotlin_plugin_versions.Version(2, 0, 0, "")):
opt_in_args.append('-opt-in=org.jetbrains.kotlin.ir.symbols.IrSymbolInternals')
else:
opt_in_args.append('-opt-in=org.jetbrains.kotlin.ir.symbols.UnsafeDuringIrConstructionAPI')
kotlin_args = ['-Werror'] \
+ opt_in_args \
+ ['-d', output,
'-module-name', 'codeql-kotlin-extractor',
'-Xsuppress-version-warnings',
'-language-version', version.toLanguageVersionString(),
'-no-reflect', '-no-stdlib',
'-jvm-target', '1.8',
'-classpath', classpath] + srcs
write_arg_file(kotlin_arg_file, kotlin_args)
run_process([kotlinc,
# kotlinc can default to 256M, which isn't enough when we are extracting the build
'-J-Xmx2G',
'@' + kotlin_arg_file])
# Use javac to compile .java files, referencing the Kotlin class files:
java_arg_file = build_dir + '/java.args'
java_args = ['-d', output,
'-source', '8', '-target', '8',
'-classpath', os.path.pathsep.join([output, classpath, java_classpath])] \
+ [s for s in srcs if s.endswith(".java")]
write_arg_file(java_arg_file, java_args)
run_process([javac, '@' + java_arg_file])
def compile_to_jar(build_dir, tmp_src_dir, srcs, version, classpath, java_classpath, output):
class_dir = build_dir + '/classes'
if os.path.exists(class_dir):
shutil.rmtree(class_dir)
os.makedirs(class_dir)
compile_to_dir(build_dir, srcs, version, classpath, java_classpath, class_dir)
run_process(['jar', 'cf', output,
'-C', class_dir, '.',
'-C', tmp_src_dir + '/main/resources', 'META-INF',
'-C', tmp_src_dir + '/main/resources', 'com/github/codeql/extractor.name'])
shutil.rmtree(class_dir)
def find_sources(path):
return glob.glob(path + '/**/*.kt', recursive=True) + glob.glob(path + '/**/*.java', recursive=True)
def find_jar(path, base):
fn = path + '/' + base + '.jar'
if not os.path.isfile(fn):
raise Exception('Cannot find jar file at %s' % fn)
return fn
def bases_to_classpath(path, bases):
result = []
for base in bases:
result.append(find_jar(path, base))
return os.path.pathsep.join(result)
def transform_to_embeddable(srcs):
# replace imports in files:
for src in srcs:
with open(src, 'r') as f:
content = f.read()
content = content.replace('import com.intellij',
'import org.jetbrains.kotlin.com.intellij')
with open(src, 'w') as f:
f.write(content)
def compile(jars, java_jars, dependency_folder, transform_to_embeddable, output, build_dir, version_str):
classpath = bases_to_classpath(dependency_folder, jars)
java_classpath = bases_to_classpath(dependency_folder, java_jars)
tmp_src_dir = build_dir + '/temp_src'
if os.path.exists(tmp_src_dir):
shutil.rmtree(tmp_src_dir)
shutil.copytree('src', tmp_src_dir)
include_version_folder = tmp_src_dir + '/main/kotlin/utils/this_version'
os.makedirs(include_version_folder)
resource_dir = tmp_src_dir + '/main/resources/com/github/codeql'
os.makedirs(resource_dir)
with open(resource_dir + '/extractor.name', 'w') as f:
f.write(output)
version = kotlin_plugin_versions.version_string_to_version(version_str)
for a_version in kotlin_plugin_versions.many_versions_versions_asc:
if a_version.lessThanOrEqual(version):
d = tmp_src_dir + '/main/kotlin/utils/versions/v_' + \
a_version.toString().replace('.', '_')
if os.path.exists(d):
# copy and overwrite files from the version folder to the include folder
shutil.copytree(d, include_version_folder, dirs_exist_ok=True)
# remove all version folders:
shutil.rmtree(tmp_src_dir + '/main/kotlin/utils/versions')
srcs = find_sources(tmp_src_dir)
transform_to_embeddable(srcs)
compile_to_jar(build_dir, tmp_src_dir, srcs, version, classpath, java_classpath, output)
shutil.rmtree(tmp_src_dir)
def compile_embeddable(version):
compile(['kotlin-stdlib-' + version, 'kotlin-compiler-embeddable-' + version],
['kotlin-stdlib-' + version],
kotlin_dependency_folder,
transform_to_embeddable,
'codeql-extractor-kotlin-embeddable-%s.jar' % (version),
'build_embeddable_' + version,
version)
def compile_standalone(version):
compile(['kotlin-stdlib-' + version, 'kotlin-compiler-' + version],
['kotlin-stdlib-' + version],
kotlin_dependency_folder,
lambda srcs: None,
'codeql-extractor-kotlin-standalone-%s.jar' % (version),
'build_standalone_' + version,
version)
if args.single_version:
if args.single_version_embeddable == True:
compile_embeddable(args.single_version)
else:
compile_standalone(args.single_version)
elif args.single_version_embeddable == True:
print("--single-version-embeddable requires --single-version", file=sys.stderr)
sys.exit(1)
elif args.many:
for version in kotlin_plugin_versions.many_versions:
compile_standalone(version)
compile_embeddable(version)
else:
compile_standalone(kotlin_plugin_versions.get_single_version())


@@ -0,0 +1,30 @@
load("@codeql_kotlin_defaults//:defaults.bzl", "kotlin_extractor_defaults")
package(default_visibility = ["//java/kotlin-extractor:__pkg__"])
_common_extractor_name_prefix = "codeql-extractor-kotlin"
alias(
name = "%s-standalone" % _common_extractor_name_prefix,
actual = "//java/kotlin-extractor:%s-standalone-%s" % (
_common_extractor_name_prefix,
kotlin_extractor_defaults.extractor_version,
),
)
alias(
name = "%s-embeddable" % _common_extractor_name_prefix,
actual = "//java/kotlin-extractor:%s-embeddable-%s" % (
_common_extractor_name_prefix,
kotlin_extractor_defaults.extractor_version,
),
)
alias(
name = _common_extractor_name_prefix,
actual = "//java/kotlin-extractor:%s-%s-%s" % (
_common_extractor_name_prefix,
kotlin_extractor_defaults.variant,
kotlin_extractor_defaults.extractor_version,
),
)


@@ -0,0 +1,124 @@
load("//java/kotlin-extractor:versions.bzl", "VERSIONS")
load("//misc/bazel:lfs.bzl", "lfs_smudge")
_kotlin_dep_build = """
load("@rules_kotlin//kotlin:jvm.bzl", "kt_jvm_import")
kt_jvm_import(
name = "{name}",
jar = "{name}.jar",
visibility = ["//visibility:public"],
)
"""
_empty_zip = "PK\005\006\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000\000"
def _get_dep(repository_ctx, name):
return repository_ctx.path(Label("//java/kotlin-extractor/deps:%s" % name))
def _kotlin_dep_impl(repository_ctx):
_, _, name = repository_ctx.name.rpartition("~")
lfs_smudge(repository_ctx, [_get_dep(repository_ctx, name + ".jar")])
# for some reason rules_kotlin warns about these jars missing, this is to silence those warnings
repository_ctx.file("empty.zip", _empty_zip)
for jar in (
"annotations-13.0.jar",
"kotlin-stdlib.jar",
"kotlin-reflect.jar",
"kotlin-script-runtime.jar",
"trove4j.jar",
):
repository_ctx.symlink("empty.zip", jar)
repository_ctx.file("BUILD.bazel", _kotlin_dep_build.format(name = name))
_kotlin_dep = repository_rule(
implementation = _kotlin_dep_impl,
)
def _walk(dir):
res = []
next_dirs = [dir]
# loops must be bounded in starlark
for i in range(100):
current_dirs = next_dirs
next_dirs = []
for d in current_dirs:
children = d.readdir()
next_dirs.extend([c for c in children if c.is_dir])
res.extend([c for c in children if not c.is_dir])
if not next_dirs:
return res
fail("%s directory too deep" % dir)
def _embeddable_source_impl(repository_ctx):
src_dir = repository_ctx.path(Label("//java/kotlin-extractor:src"))
repository_ctx.watch_tree(src_dir)
for src in _walk(src_dir):
contents = repository_ctx.read(src)
contents = contents.replace(
"import com.intellij",
"import org.jetbrains.kotlin.com.intellij",
)
repository_ctx.file(str(src).replace(str(src_dir), "src"), contents)
repository_ctx.symlink(
Label("//java/kotlin-extractor:BUILD.bazel"),
"BUILD.bazel",
)
_embeddable_source = repository_rule(implementation = _embeddable_source_impl)
def _get_version(repository_ctx, available = []):
default_version = repository_ctx.getenv("CODEQL_KOTLIN_SINGLE_VERSION")
if default_version:
return default_version
repository_ctx.watch(Label("//java/kotlin-extractor:dev/.kotlinc_version"))
version_picker = repository_ctx.path(Label("//java/kotlin-extractor:pick-kotlin-version.py"))
python = repository_ctx.which("python3") or repository_ctx.which("python")
# use the kotlinc wrapper as fallback
path = repository_ctx.getenv("PATH")
path_to_add = repository_ctx.path(Label("//java/kotlin-extractor:dev"))
if not path:
path = str(path_to_add)
elif repository_ctx.os.name == "windows":
path = "%s;%s" % (path, path_to_add)
else:
path = "%s:%s" % (path, path_to_add)
res = repository_ctx.execute([python, version_picker] + available, environment = {"PATH": path})
if res.return_code != 0:
fail(res.stderr)
return res.stdout.strip()
def _defaults_impl(repository_ctx):
default_version = _get_version(repository_ctx)
default_variant = "standalone"
if repository_ctx.getenv("CODEQL_KOTLIN_SINGLE_VERSION_EMBEDDABLE") in ("true", "1"):
default_variant = "embeddable"
available_version = _get_version(repository_ctx, VERSIONS)
info = struct(
version = default_version,
variant = default_variant,
extractor_version = available_version,
)
repository_ctx.file(
"defaults.bzl",
"kotlin_extractor_defaults = %s\n" % repr(info),
)
repository_ctx.file("BUILD.bazel")
_defaults = repository_rule(implementation = _defaults_impl)
def _kotlin_deps_impl(module_ctx):
for v in VERSIONS:
for lib in ("compiler", "compiler-embeddable", "stdlib"):
_kotlin_dep(name = "kotlin-%s-%s" % (lib, v))
_embeddable_source(name = "codeql_kotlin_embeddable")
_defaults(name = "codeql_kotlin_defaults")
return module_ctx.extension_metadata(
root_module_direct_deps = "all",
root_module_direct_dev_deps = [],
)
kotlin_extractor_deps = module_extension(implementation = _kotlin_deps_impl)
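Review bot: `_get_version` hands `python` to `repository_ctx.execute` without checking it, although `repository_ctx.which("python3") or repository_ctx.which("python")` is `None` when neither interpreter is on the host PATH. In that case the repository rule fails inside `execute` with an argument error instead of saying what is missing. I would add a guard right after the lookup: `if not python: fail("python3 or python must be on PATH to pick the kotlin version")`. The same function appends the `dev` wrapper directory to the end of `PATH`, so a host `kotlinc` earlier in `PATH` silently decides the default version; a one-line comment stating that this ordering is intended would help the next reader.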


@@ -0,0 +1,5 @@
The Git LFS files contained in this directory are mirrored
from [org.jetbrains.kotlin packages in the Maven repository][1]. A copy of the license is included as
the [`license`](./license) file.
[1]: https://mvnrepository.com/artifact/org.jetbrains.kotlin

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.5.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.5.10.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.5.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.5.30.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.6.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.6.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.7.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.7.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.8.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.9.0-Beta.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-1.9.20-Beta.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-2.0.0-RC1.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-compiler-2.0.20-Beta2.jar (Stored with Git LFS) Normal file

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.5.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.5.10.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.5.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.5.30.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.6.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.6.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.7.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.7.20.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.8.0.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.9.0-Beta.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-1.9.20-Beta.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-2.0.0-RC1.jar (Stored with Git LFS) Normal file

Binary file not shown.

BIN
java/kotlin-extractor/deps/kotlin-stdlib-2.0.20-Beta2.jar (Stored with Git LFS) Normal file

Binary file not shown.

File diff suppressed because one or more lines are too long

1
java/kotlin-extractor/dev/.gitignore vendored Normal file

@@ -0,0 +1 @@
/.kotlinc_*


@@ -0,0 +1,3 @@
#!/bin/bash
exec -a "$0" "$(dirname "$0")/wrapper.py" kotlin "$@"


@@ -0,0 +1,4 @@
@echo off
python "%~dp0wrapper.py" kotlin %*
exit /b %ERRORLEVEL%


@@ -0,0 +1,3 @@
#!/bin/bash
exec -a "$0" "$(dirname "$0")/wrapper.py" kotlinc "$@"


@@ -0,0 +1,4 @@
@echo off
python "%~dp0wrapper.py" kotlinc %*
exit /b %ERRORLEVEL%


@@ -0,0 +1,180 @@
#!/usr/bin/env python3
"""
Wrapper script that manages kotlin versions.
Usage: add this directory to your PATH, then
* `kotlin* --select x.y.z` will select the version for the next invocations, checking it actually exists
* `kotlin* --clear` will remove any state of the wrapper (deselecting a previous version selection)
* `kotlinc -version` will print the selected version information. It will not print `JRE` information as a normal
`kotlinc` invocation would do though. In exchange, the invocation incurs no overhead.
* Any other invocation will forward to the selected kotlin tool version, downloading it if necessary. If no version was
previously selected with `--select`, a default will be used (see `DEFAULT_VERSION` below)
In order to install kotlin, ripunzip will be used if installed, or if running on Windows within `semmle-code` (ripunzip
is available in `resources/lib/windows/ripunzip` then).
"""
import pathlib
import urllib
import urllib.request
import urllib.error
import argparse
import sys
import platform
import subprocess
import zipfile
import shutil
import io
import os
DEFAULT_VERSION = "2.0.0"
def options():
parser = argparse.ArgumentParser(add_help=False)
parser.add_argument("tool")
parser.add_argument("--select")
parser.add_argument("--clear", action="store_true")
parser.add_argument("-version", action="store_true")
return parser.parse_known_args()
file_template = "kotlin-compiler-{version}.zip"
url_template = "https://github.com/JetBrains/kotlin/releases/download/v{version}/kotlin-compiler-{version}.zip"
this_dir = pathlib.Path(__file__).resolve().parent
version_file = this_dir / ".kotlinc_version"
install_dir = this_dir / ".kotlinc_installed"
zips_dir = this_dir / ".kotlinc_zips"
windows_ripunzip = (
this_dir.parents[4] / "resources" / "lib" / "windows" / "ripunzip" / "ripunzip.exe"
)
class Error(Exception):
pass
class ZipFilePreservingPermissions(zipfile.ZipFile):
def _extract_member(self, member, targetpath, pwd):
if not isinstance(member, zipfile.ZipInfo):
member = self.getinfo(member)
targetpath = super()._extract_member(member, targetpath, pwd)
attr = member.external_attr >> 16
if attr != 0:
os.chmod(targetpath, attr)
return targetpath
def get_version():
try:
return version_file.read_text()
except FileNotFoundError:
return None
def install(version: str, quiet: bool):
if quiet:
info_out = subprocess.DEVNULL
info = lambda *args: None
else:
info_out = sys.stderr
info = lambda *args: print(*args, file=sys.stderr)
file = file_template.format(version=version)
url = url_template.format(version=version)
if install_dir.exists():
shutil.rmtree(install_dir)
install_dir.mkdir()
zips_dir.mkdir(exist_ok=True)
zip = zips_dir / file
if not zip.exists():
info(f"downloading {url}")
tmp_zip = zip.with_suffix(".tmp")
with open(tmp_zip, "wb") as out, urllib.request.urlopen(url) as response:
shutil.copyfileobj(response, out)
tmp_zip.rename(zip)
ripunzip = shutil.which("ripunzip")
if (
ripunzip is None
and platform.system() == "Windows"
and windows_ripunzip.exists()
):
ripunzip = windows_ripunzip
if ripunzip:
info(f"extracting {zip} using ripunzip")
subprocess.run(
[ripunzip, "unzip-file", zip],
stdout=info_out,
stderr=info_out,
cwd=install_dir,
check=True,
)
else:
info(f"extracting {zip}")
with ZipFilePreservingPermissions(zip) as archive:
archive.extractall(install_dir)
def forward(tool, forwarded_opts):
tool = install_dir / "kotlinc" / "bin" / tool
if platform.system() == "Windows":
tool = tool.with_suffix(".bat")
assert tool.exists(), f"{tool} not found"
args = [tool]
args.extend(forwarded_opts)
ret = subprocess.run(args).returncode
sys.exit(ret)
def clear():
if install_dir.exists():
print(f"removing {install_dir}", file=sys.stderr)
shutil.rmtree(install_dir)
if version_file.exists():
print(f"removing {version_file}", file=sys.stderr)
version_file.unlink()
if zips_dir.exists():
print(f"removing {zips_dir}", file=sys.stderr)
shutil.rmtree(zips_dir)
def main(opts, forwarded_opts):
if opts.clear:
clear()
return
current_version = get_version()
if opts.select == "default":
selected_version = DEFAULT_VERSION
elif opts.select is not None:
selected_version = opts.select
else:
selected_version = current_version or DEFAULT_VERSION
if selected_version != current_version:
# don't print information about install procedure unless explicitly using --select
install(selected_version, quiet=opts.select is None)
version_file.write_text(selected_version)
if opts.select and not forwarded_opts and not opts.version:
print(f"selected {selected_version}")
return
if opts.version:
if opts.tool == "kotlinc":
print(
f"info: kotlinc-jvm {selected_version} (codeql dev wrapper)",
file=sys.stderr,
)
return
forwarded_opts.append("-version")
forward(opts.tool, forwarded_opts)
if __name__ == "__main__":
try:
main(*options())
except Error as e:
print(f"Error: {e}", file=sys.stderr)
sys.exit(1)
except KeyboardInterrupt:
sys.exit(1)
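Review bot: `install` caches and extracts whatever `urllib.request.urlopen(url)` returns without checking a digest, and `forward` then executes the extracted `kotlinc/bin` tool, so a truncated or substituted `kotlin-compiler-{version}.zip` stays in `.kotlinc_zips` and is run on every later call. I would compare the SHA-256 of the download against a pinned per-version value before `tmp_zip.rename(zip)`, and reject a `--select` value that does not look like a version before it is formatted into `file_template` and `url_template`. The sketch below needs `hashlib` and `re` imported at the top of the file, and the digest in it is a placeholder. Separately, `ZipFilePreservingPermissions` applies the archive's mode bits unmasked; `os.chmod(targetpath, attr & 0o777)` would keep setuid/setgid bits from the archive out of the install directory.

```python
# placeholder digests, to be filled in from the upstream release assets
KNOWN_SHA256 = {
    DEFAULT_VERSION: "<sha256 of kotlin-compiler-2.0.0.zip>",
}

def install(version: str, quiet: bool):
    # validate before any state is removed, so a bad --select leaves the current install intact
    if not re.fullmatch(r"[0-9]+\.[0-9]+\.[0-9]+(-[A-Za-z0-9]+)?", version):
        raise Error(f"not a kotlin version: {version}")
    # … unchanged: info/info_out setup, install_dir and zips_dir preparation …
    if not zip.exists():
        expected = KNOWN_SHA256.get(version)
        if expected is None:
            raise Error(f"no pinned digest for kotlin-compiler {version}")
        info(f"downloading {url}")
        tmp_zip = zip.with_suffix(".tmp")
        digest = hashlib.sha256()
        with open(tmp_zip, "wb") as out, urllib.request.urlopen(url) as response:
            for chunk in iter(lambda: response.read(1 << 20), b""):
                digest.update(chunk)
                out.write(chunk)
        if digest.hexdigest() != expected:
            tmp_zip.unlink()
            raise Error(f"digest mismatch for {url}")
        tmp_zip.rename(zip)
    # … unchanged: ripunzip lookup and extraction …
```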


@@ -8,6 +8,7 @@ unions = {}
tables = {}
dbscheme = sys.argv[1] if len(sys.argv) >= 2 else '../ql/lib/config/semmlecode.dbscheme'
output = sys.argv[2] if len(sys.argv) >= 3 else 'src/main/kotlin/KotlinExtractorDbScheme.kt'
def parse_dbscheme(filename):
with open(filename, 'r') as f:
@@ -152,7 +153,7 @@ def genTable(kt, relname, columns, enum = None, kind = None, num = None, typ = N
kt.write(')\\n")\n')
kt.write('}\n')
with open('src/main/kotlin/KotlinExtractorDbScheme.kt', 'w') as kt:
with open(output, 'w') as kt:
kt.write('/* Generated by ' + sys.argv[0] + ': Do not edit manually. */\n')
kt.write('package com.github.codeql\n')
kt.write('import java.util.Date\n')


@@ -1,90 +0,0 @@
#!/usr/bin/python
import platform
import re
import shutil
import subprocess
import sys
def is_windows():
'''Whether we appear to be running on Windows'''
if platform.system() == 'Windows':
return True
if platform.system().startswith('CYGWIN'):
return True
return False
class Version:
def __init__(self, major, minor, patch, tag):
self.major = major
self.minor = minor
self.patch = patch
self.tag = tag
def toTupleWithTag(self):
return [self.major, self.minor, self.patch, self.tag]
def toTupleNoTag(self):
return [self.major, self.minor, self.patch]
def lessThan(self, other):
return self.toTupleNoTag() < other.toTupleNoTag()
def lessThanOrEqual(self, other):
return self.toTupleNoTag() <= other.toTupleNoTag()
def toString(self):
return f'{self.major}.{self.minor}.{self.patch}{self.tag}'
def toLanguageVersionString(self):
return f'{self.major}.{self.minor}'
def version_string_to_version(version):
m = re.match(r'([0-9]+)\.([0-9]+)\.([0-9]+)(.*)', version)
return Version(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4))
# Version number used by CI.
ci_version = '1.9.0'
many_versions = [ '1.5.0', '1.5.10', '1.5.20', '1.5.30', '1.6.0', '1.6.20', '1.7.0', '1.7.20', '1.8.0', '1.9.0-Beta', '1.9.20-Beta', '2.0.0-RC1' ]
many_versions_versions = [version_string_to_version(v) for v in many_versions]
many_versions_versions_asc = sorted(many_versions_versions, key = lambda v: v.toTupleWithTag())
many_versions_versions_desc = reversed(many_versions_versions_asc)
class KotlincNotFoundException(Exception):
pass
def get_single_version(fakeVersionOutput = None):
# kotlinc might be kotlinc.bat or kotlinc.cmd on Windows, so we use `which` to find out what it is
kotlinc = shutil.which('kotlinc')
if kotlinc is None:
raise KotlincNotFoundException()
versionOutput = subprocess.run([kotlinc, '-version'], stdout=subprocess.PIPE, stderr=subprocess.PIPE, universal_newlines=True).stderr if fakeVersionOutput is None else fakeVersionOutput
m = re.match(r'.* kotlinc-jvm ([0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z][a-zA-Z0-9]*)?) .*', versionOutput)
if m is None:
raise Exception('Cannot detect version of kotlinc (got ' + str(versionOutput) + ')')
current_version = version_string_to_version(m.group(1))
for version in many_versions_versions_desc:
if version.lessThanOrEqual(current_version):
return version.toString()
raise Exception(f'No suitable kotlinc version found for {current_version} (got {versionOutput}; know about {str(many_versions)})')
def get_latest_url():
url = 'https://github.com/JetBrains/kotlin/releases/download/v' + ci_version + '/kotlin-compiler-' + ci_version + '.zip'
return url
if __name__ == "__main__":
args = sys.argv
if len(args) < 2:
raise Exception("Bad arguments")
command = args[1]
if command == 'latest-url':
print(get_latest_url())
elif command == 'single-version':
print(get_single_version(*args[2:]))
else:
raise Exception("Unknown command: " + command)


@@ -0,0 +1,41 @@
#!/usr/bin/env python3
"""
Script to get currently installed kotlinc version. If a list of available versions is provided as input,
the last version of those lower or equal to the kotlinc version is printed.
"""
import subprocess
import re
import shutil
import argparse
import sys
def version_tuple(v):
v, _, _ = v.partition('-')
return tuple(int(x) for x in v.split(".", 2))
p = argparse.ArgumentParser(description=__doc__, fromfile_prefix_chars='@')
p.add_argument("available_versions", nargs="*", metavar="X.Y.Z")
opts = p.parse_args()
kotlinc = shutil.which('kotlinc')
if kotlinc is None:
raise Exception("kotlinc not found")
res = subprocess.run([kotlinc, "-version"], text=True, stdout=subprocess.DEVNULL, stderr=subprocess.PIPE)
if res.returncode != 0:
raise Exception(f"kotlinc -version failed: {res.stderr}")
m = re.match(r'.* kotlinc-jvm ([0-9]+\.[0-9]+\.[0-9]+(-[a-zA-Z][a-zA-Z0-9]*)?) .*', res.stderr)
if m is None:
raise Exception(f'Cannot detect version of kotlinc (got {res.stderr})')
version = m[1]
if opts.available_versions:
vt = version_tuple(version)
available = sorted(opts.available_versions, key=version_tuple, reverse=True)
for v in available:
if version_tuple(v) <= vt:
print(v)
sys.exit(0)
raise Exception(f'Cannot find an available version for {version}')
print(version)
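Review bot: `version_tuple` discards everything after the first `-`, so the selection loop treats `2.0.0-RC1` and `2.0.0` as the same version, and nothing in the script documents that. I would add a comment above the function: `# pre-release tags are ignored: 1.9.0-Beta compares equal to 1.9.0`. The failure paths raise bare `Exception`, which, as far as this page shows, reaches the Bazel caller as a full traceback through `fail(res.stderr)`; `sys.exit("kotlinc not found")` and its siblings would give a one-line message instead.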


@@ -39,7 +39,6 @@ import com.semmle.util.data.Pair;
import com.semmle.util.exception.CatastrophicError;
import com.semmle.util.exception.NestedError;
import com.semmle.util.exception.ResourceError;
import com.semmle.util.extraction.PopulationSpecFile;
import com.semmle.util.extraction.SpecFileEntry;
import com.semmle.util.files.FileUtil;
import com.semmle.util.io.WholeIO;
@@ -67,7 +66,9 @@ public class OdasaOutput {
private final Logger log;
private final Compression compression;
/** DEBUG only: just use the given file as the root for TRAP, source archive etc */
/**
* DEBUG only: just use the given file as the root for TRAP, source archive etc
*/
OdasaOutput(File outputRoot, Compression compression, Logger log) {
this.trapFolder = new File(outputRoot, "trap");
this.sourceArchiveFolder = new File(outputRoot, "src_archive");
@@ -77,14 +78,16 @@ public class OdasaOutput {
}
public OdasaOutput(boolean trackClassOrigins, Compression compression, Logger log) {
String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR", Var.TRAP_FOLDER.name());
String trapFolderVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_TRAP_DIR",
Var.TRAP_FOLDER.name());
if (trapFolderVar == null) {
throw new ResourceError("CODEQL_EXTRACTOR_JAVA_TRAP_DIR was not set");
}
String sourceArchiveVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR", Var.SOURCE_ARCHIVE.name());
String sourceArchiveVar = Env.systemEnv().getFirstNonEmpty("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR",
Var.SOURCE_ARCHIVE.name());
if (sourceArchiveVar == null) {
throw new ResourceError("CODEQL_EXTRACTOR_JAVA_SOURCE_ARCHIVE_DIR was not set");
}
}
this.trapFolder = new File(trapFolderVar);
this.sourceArchiveFolder = new File(sourceArchiveVar);
this.trackClassOrigins = trackClassOrigins;
@@ -104,6 +107,7 @@ public class OdasaOutput {
* Set the source file that is currently being processed. This may affect
* things like trap and source archive directories, and persists as a
* setting until this method is called again.
*
* @param f the current source file
*/
public void setCurrentSourceFile(File f) {
@@ -130,7 +134,7 @@ public class OdasaOutput {
private File trapSetFor(File file) {
return FileUtil.appendAbsolutePath(
currentSpecFileEntry.getTrapFolder(), PathTransformer.std().fileAsDatabaseString(file) + ".set");
currentSpecFileEntry.getTrapFolder(), PathTransformer.std().fileAsDatabaseString(file) + ".set");
}
public void addDependency(IrDeclaration sym, String signature) {
@@ -185,7 +189,8 @@ public class OdasaOutput {
return null;
return FileUtil.appendAbsolutePath(
currentSpecFileEntry.getTrapFolder(),
JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap" + compression.getExtension());
JARS_DIR + "/" + PathTransformer.std().fileAsDatabaseString(jarFile) + ".trap"
+ compression.getExtension());
}
private File getTrapFileForModule(String moduleName) {
@@ -213,13 +218,13 @@ public class OdasaOutput {
private String trapFilePathForDecl(IrElement sym, String signature) {
String binaryName = getIrElementBinaryName(sym);
// TODO: Reinstate this?
//if (getTrackClassOrigins())
// classId += "-" + StringDigestor.digest(sym.getSourceFileId());
// if (getTrackClassOrigins())
// classId += "-" + StringDigestor.digest(sym.getSourceFileId());
String result = CLASSES_DIR + "/" +
binaryName.replace('.', '/') +
signature +
".members" +
".trap" + compression.getExtension();
binaryName.replace('.', '/') +
signature +
".members" +
".trap" + compression.getExtension();
return result;
}
@@ -229,16 +234,21 @@ public class OdasaOutput {
/**
* Get a {@link TrapFileManager} to write members
* about a declaration, or <code>null</code> if the declaration shouldn't be populated.
* about a declaration, or <code>null</code> if the declaration shouldn't be
* populated.
*
* @param sym
* The declaration's symbol, including, in particular, its fully qualified
* binary class name.
* The declaration's symbol, including, in particular, its
* fully qualified
* binary class name.
* @param signature
* Any unique suffix needed to distinguish `sym` from other declarations with the same name.
* For functions for example, this means its parameter signature.
* Any unique suffix needed to distinguish `sym` from other
* declarations with the same name.
* For functions for example, this means its parameter
* signature.
*/
private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion, IrElement sym, String signature) {
private TrapFileManager getMembersWriterForDecl(File trap, File trapFileBase, TrapClassVersion trapFileVersion,
IrElement sym, String signature) {
// If the TRAP file already exists then we
// don't need to write it.
if (trap.exists()) {
@@ -250,7 +260,8 @@ public class OdasaOutput {
// don't need to rewrite it only to rename it
// again.
File trapFileDir = trap.getParentFile();
File trapOld = new File(trapFileDir, trap.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension()));
File trapOld = new File(trapFileDir,
trap.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension()));
if (trapOld.exists()) {
log.trace("Not rewriting trap file for " + trap.toString() + " as the trap-old exists");
return null;
@@ -261,11 +272,12 @@ public class OdasaOutput {
if (trapFileBase != null && trapFileVersion != null && trapFileDir.exists()) {
String trapFileBaseName = trapFileBase.getName();
for (File f: FileUtil.list(trapFileDir)) {
for (File f : FileUtil.list(trapFileDir)) {
String name = f.getName();
Matcher m = selectClassVersionComponents.matcher(name);
if (m.matches() && m.group(1).equals(trapFileBaseName)) {
TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5));
TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)),
Long.valueOf(m.group(4)), m.group(5));
if (v.newerThan(trapFileVersion)) {
log.trace("Not rewriting trap file for " + trap.toString() + " as " + f.toString() + " exists");
return null;
@@ -285,7 +297,8 @@ public class OdasaOutput {
return concurrentWriter(trapFile, relative, log, sym, signature);
}
private TrapFileManager concurrentWriter(File trapFile, String relative, Logger log, IrElement sym, String signature) {
private TrapFileManager concurrentWriter(File trapFile, String relative, Logger log, IrElement sym,
String signature) {
if (trapFile.exists())
return null;
return new TrapFileManager(trapFile, relative, true, log, sym, signature);
@@ -299,7 +312,8 @@ public class OdasaOutput {
private String signature;
private boolean hasError = false;
private TrapFileManager(File trapFile, String relative, boolean concurrentCreation, Logger log, IrElement sym, String signature) {
private TrapFileManager(File trapFile, String relative, boolean concurrentCreation, Logger log, IrElement sym,
String signature) {
trapDependenciesForClass = new TrapDependencies(relative);
this.trapFile = trapFile;
this.sym = sym;
@@ -325,6 +339,7 @@ public class OdasaOutput {
writeTrapDependencies(trapDependenciesForClass);
}
private void writeTrapDependencies(TrapDependencies trapDependencies) {
String dep = trapDependencies.trapFile().replace(".trap" + compression.getExtension(), ".dep");
trapDependencies.save(
@@ -340,56 +355,77 @@ public class OdasaOutput {
* Trap file locking.
*/
private final Pattern selectClassVersionComponents = Pattern.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap.*");
private final Pattern selectClassVersionComponents = Pattern
.compile("(.*)#(-?[0-9]+)\\.(-?[0-9]+)-(-?[0-9]+)-(.*)\\.trap.*");
/**
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple concurrent extractor processes,
* only one source file {@link TrapLocker} may be open at any time, and the lock must be obtained
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple
* concurrent extractor processes,
* only one source file {@link TrapLocker} may be open at any time, and the lock
* must be obtained
* <b>before</b> any <b>class</b> file lock.
*
* Trap file extensions (and paths) ensure that source and class file locks are distinct.
* Trap file extensions (and paths) ensure that source and class file locks are
* distinct.
*
* @return a {@link TrapLocker} for the currently processed source file, which must have been
* previously set by a call to {@link OdasaOutput#setCurrentSourceFile(File)}.
* @return a {@link TrapLocker} for the currently processed source file, which
* must have been
* previously set by a call to
* {@link OdasaOutput#setCurrentSourceFile(File)}.
*/
public TrapLocker getTrapLockerForCurrentSourceFile() {
return new TrapLocker((IrClass)null, null, true);
return new TrapLocker((IrClass) null, null, true);
}
/**
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple concurrent extractor processes,
* only one jar file {@link TrapLocker} may be open at any time, and the lock must be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file lock may be open at any time.
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple
* concurrent extractor processes,
* only one jar file {@link TrapLocker} may be open at any time, and the lock
* must be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file lock may
* be open at any time.
*
* Trap file extensions (and paths) ensure that source and jar file locks are distinct.
* Trap file extensions (and paths) ensure that source and jar file locks are
* distinct.
*
* @return a {@link TrapLocker} for the trap file corresponding to the given jar file.
* @return a {@link TrapLocker} for the trap file corresponding to the given jar
* file.
*/
public TrapLocker getTrapLockerForJarFile(File jarFile) {
return new TrapLocker(jarFile);
}
/**
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple concurrent extractor processes,
* only one module {@link TrapLocker} may be open at any time, and the lock must be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file or module lock may be open at any time.
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple
* concurrent extractor processes,
* only one module {@link TrapLocker} may be open at any time, and the lock must
* be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file or
* module lock may be open at any time.
*
* Trap file extensions (and paths) ensure that source and module file locks are distinct.
* Trap file extensions (and paths) ensure that source and module file locks are
* distinct.
*
* @return a {@link TrapLocker} for the trap file corresponding to the given module.
* @return a {@link TrapLocker} for the trap file corresponding to the given
* module.
*/
public TrapLocker getTrapLockerForModule(String moduleName) {
return new TrapLocker(moduleName);
}
/**
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple concurrent extractor processes,
* only one class file {@link TrapLocker} may be open at any time, and the lock must be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file lock may be open at any time.
* <b>CAUTION</b>: to avoid the potential for deadlock between multiple
* concurrent extractor processes,
* only one class file {@link TrapLocker} may be open at any time, and the lock
* must be obtained
* <b>after</b> any <b>source</b> file lock. Only one jar or class file lock may
* be open at any time.
*
* Trap file extensions (and paths) ensure that source and class file locks are distinct.
* Trap file extensions (and paths) ensure that source and class file locks are
* distinct.
*
* @return a {@link TrapLocker} for the trap file corresponding to the given class symbol.
* @return a {@link TrapLocker} for the trap file corresponding to the given
* class symbol.
*/
public TrapLocker getTrapLockerForDecl(IrElement sym, String signature, boolean fromSource) {
return new TrapLocker(sym, signature, fromSource);
@@ -403,10 +439,11 @@ public class OdasaOutput {
private File trapFileBase = null;
private TrapClassVersion trapFileVersion = null;
private final String signature;
private TrapLocker(IrElement decl, String signature, boolean fromSource) {
this.sym = decl;
this.signature = signature;
if (sym==null) {
if (sym == null) {
log.error("Null symbol passed for Kotlin TRAP locker");
trapFile = null;
} else {
@@ -422,21 +459,25 @@ public class OdasaOutput {
// in a single directory. This makes our directory listings later slow.
// To avoid this, rather than using files named .../Foo*, we use .../Foo/Foo*.
trapFileBase = new File(new File(normalTrapFile.getParentFile(), baseName), baseName);
trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap" + compression.getExtension());
trapFile = new File(trapFileBase.getPath() + '#' + trapFileVersion.toString() + ".trap"
+ compression.getExtension());
}
}
private TrapLocker(File jarFile) {
sym = null;
signature = null;
trapFile = getTrapFileForJarFile(jarFile);
}
private TrapLocker(String moduleName) {
sym = null;
signature = null;
trapFile = getTrapFileForModule(moduleName);
}
public TrapFileManager getTrapFileManager() {
if (trapFile!=null) {
if (trapFile != null) {
return getMembersWriterForDecl(trapFile, trapFileBase, trapFileVersion, sym, signature);
} else {
return null;
@@ -445,7 +486,7 @@ public class OdasaOutput {
@Override
public void close() {
if (trapFile!=null) {
if (trapFile != null) {
// Now that we have finished writing our TRAP file, we want
// to rename and TRAP file that matches our trapFileBase
// but doesn't have the latest metadata.
@@ -458,12 +499,13 @@ public class OdasaOutput {
String trapFileBaseName = trapFileBase.getName();
List<Pair<File, TrapClassVersion>> pairs = new LinkedList<Pair<File, TrapClassVersion>>();
for (File f: FileUtil.list(trapFileDir)) {
for (File f : FileUtil.list(trapFileDir)) {
String name = f.getName();
Matcher m = selectClassVersionComponents.matcher(name);
if (m.matches()) {
if (m.group(1).equals(trapFileBaseName)) {
TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)), Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5));
TrapClassVersion v = new TrapClassVersion(Integer.valueOf(m.group(2)),
Integer.valueOf(m.group(3)), Long.valueOf(m.group(4)), m.group(5));
pairs.add(new Pair<File, TrapClassVersion>(f, v));
} else {
// Everything in this directory should be for the same TRAP file base
@@ -490,10 +532,12 @@ public class OdasaOutput {
};
TrapClassVersion latestVersion = Collections.max(pairs, comparator).snd();
for (Pair<File, TrapClassVersion> p: pairs) {
for (Pair<File, TrapClassVersion> p : pairs) {
if (!latestVersion.equals(p.snd())) {
File f = p.fst();
File fOld = new File(f.getParentFile(), f.getName().replace(".trap" + compression.getExtension(), ".trap-old" + compression.getExtension()));
File fOld = new File(f.getParentFile(),
f.getName().replace(".trap" + compression.getExtension(),
".trap-old" + compression.getExtension()));
// We aren't interested in whether or not this succeeds;
// it may fail because a concurrent extractor has already
// renamed it.
@@ -528,7 +572,9 @@ public class OdasaOutput {
return lastModified;
}
public String getExtractorName() { return extractorName; }
public String getExtractorName() {
return extractorName;
}
private TrapClassVersion(int majorVersion, int minorVersion, long lastModified, String extractorName) {
this.majorVersion = majorVersion;
@@ -540,24 +586,37 @@ public class OdasaOutput {
@Override
public boolean equals(Object obj) {
if (obj instanceof TrapClassVersion) {
TrapClassVersion other = (TrapClassVersion)obj;
return majorVersion == other.majorVersion && minorVersion == other.minorVersion && lastModified == other.lastModified && extractorName.equals(other.extractorName);
TrapClassVersion other = (TrapClassVersion) obj;
return majorVersion == other.majorVersion && minorVersion == other.minorVersion
&& lastModified == other.lastModified && extractorName.equals(other.extractorName);
} else {
return false;
}
}
@Override
public int hashCode() {
int hash = 7;
hash = 31 * hash + majorVersion;
hash = 31 * hash + minorVersion;
hash = 31 * hash + (int) lastModified;
hash = 31 * hash + (extractorName == null ? 0 : extractorName.hashCode());
return hash;
}
private boolean newerThan(TrapClassVersion tcv) {
// Classes being compiled from source have major version 0 but should take precedence
// Classes being compiled from source have major version 0 but should take
// precedence
// over any classes with the same qualified name loaded from the classpath
// in previous or subsequent extractor invocations.
if (tcv.majorVersion == 0 && majorVersion != 0)
return false;
else if (majorVersion == 0 && tcv.majorVersion != 0)
return true;
// Always consider the Kotlin extractor superior to the Java extractor, because we may decode and extract
// Always consider the Kotlin extractor superior to the Java extractor, because
// we may decode and extract
// Kotlin metadata that the Java extractor can't understand:
if(!Objects.equals(tcv.extractorName, extractorName)) {
if (!Objects.equals(tcv.extractorName, extractorName)) {
if (Objects.equals(tcv.extractorName, "kotlin"))
return false;
if (Objects.equals(extractorName, "kotlin"))
@@ -568,56 +627,57 @@ public class OdasaOutput {
return tcv.majorVersion < majorVersion ||
(tcv.majorVersion == majorVersion && tcv.minorVersion < minorVersion) ||
(tcv.majorVersion == majorVersion && tcv.minorVersion == minorVersion &&
tcv.lastModified < lastModified);
tcv.lastModified < lastModified);
}
private static Map<String, Map<String, Long>> jarFileEntryTimeStamps = new HashMap<>();
private static Map<String, Map<String, Long>> jarFileEntryTimeStamps = new HashMap<>();
private static Map<String, Long> getZipFileEntryTimeStamps(String path, Logger log) {
try {
Map<String, Long> result = new HashMap<>();
ZipFile zf = new ZipFile(path);
Enumeration<? extends ZipEntry> entries = zf.entries();
while (entries.hasMoreElements()) {
ZipEntry ze = entries.nextElement();
result.put(ze.getName(), ze.getLastModifiedTime().toMillis());
}
return result;
} catch(IOException e) {
log.warn("Failed to get entry timestamps from " + path, e);
return null;
}
}
private static Map<String, Long> getZipFileEntryTimeStamps(String path, Logger log) {
try {
Map<String, Long> result = new HashMap<>();
ZipFile zf = new ZipFile(path);
Enumeration<? extends ZipEntry> entries = zf.entries();
while (entries.hasMoreElements()) {
ZipEntry ze = entries.nextElement();
result.put(ze.getName(), ze.getLastModifiedTime().toMillis());
}
return result;
} catch (IOException e) {
log.warn("Failed to get entry timestamps from " + path, e);
return null;
}
}
private static long getVirtualFileTimeStamp(VirtualFile vf, Logger log) {
if (vf.getFileSystem().getProtocol().equals("jar")) {
String[] parts = vf.getPath().split("!/");
if (parts.length == 2) {
String jarFilePath = parts[0];
String entryPath = parts[1];
if (!jarFileEntryTimeStamps.containsKey(jarFilePath)) {
jarFileEntryTimeStamps.put(jarFilePath, getZipFileEntryTimeStamps(jarFilePath, log));
}
Map<String, Long> entryTimeStamps = jarFileEntryTimeStamps.get(jarFilePath);
if (entryTimeStamps != null) {
Long entryTimeStamp = entryTimeStamps.get(entryPath);
if (entryTimeStamp != null)
return entryTimeStamp;
else
log.warn("Couldn't find timestamp for jar file " + jarFilePath + " entry " + entryPath);
}
} else {
log.warn("Expected JAR-file path " + vf.getPath() + " to have exactly one '!/' separator");
}
}
private static long getVirtualFileTimeStamp(VirtualFile vf, Logger log) {
if (vf.getFileSystem().getProtocol().equals("jar")) {
String[] parts = vf.getPath().split("!/");
if (parts.length == 2) {
String jarFilePath = parts[0];
String entryPath = parts[1];
if (!jarFileEntryTimeStamps.containsKey(jarFilePath)) {
jarFileEntryTimeStamps.put(jarFilePath, getZipFileEntryTimeStamps(jarFilePath, log));
}
Map<String, Long> entryTimeStamps = jarFileEntryTimeStamps.get(jarFilePath);
if (entryTimeStamps != null) {
Long entryTimeStamp = entryTimeStamps.get(entryPath);
if (entryTimeStamp != null)
return entryTimeStamp;
else
log.warn("Couldn't find timestamp for jar file " + jarFilePath + " entry " + entryPath);
}
} else {
log.warn("Expected JAR-file path " + vf.getPath() + " to have exactly one '!/' separator");
}
}
// For all files except for jar files, and a fallback in case of I/O problems reading a jar file:
return vf.getTimeStamp();
}
// For all files except for jar files, and a fallback in case of I/O problems
// reading a jar file:
return vf.getTimeStamp();
}
private static VirtualFile getVirtualFileIfClass(IrElement e) {
if (e instanceof IrClass)
return getIrClassVirtualFile((IrClass)e);
return getIrClassVirtualFile((IrClass) e);
else
return null;
}
@@ -625,7 +685,7 @@ public class OdasaOutput {
private static TrapClassVersion fromSymbol(IrElement sym, Logger log) {
VirtualFile vf = getVirtualFileIfClass(sym);
if (vf == null && sym instanceof IrDeclaration)
vf = getVirtualFileIfClass(((IrDeclaration)sym).getParent());
vf = getVirtualFileIfClass(((IrDeclaration) sym).getParent());
if (vf == null)
return new TrapClassVersion(-1, 0, 0, null);
@@ -636,12 +696,12 @@ public class OdasaOutput {
// We want to use the latest one that there is.
Field asmField = null;
int asmNum = -1;
for(Field f : Opcodes.class.getDeclaredFields()) {
for (Field f : Opcodes.class.getDeclaredFields()) {
String name = f.getName();
if(name.startsWith("ASM")) {
if (name.startsWith("ASM")) {
try {
int i = Integer.parseInt(name.substring(3));
if(i > asmNum) {
if (i > asmNum) {
asmNum = i;
asmField = f;
}
@@ -652,26 +712,29 @@ public class OdasaOutput {
}
int asm = asmField.getInt(null);
ClassVisitor versionGetter = new ClassVisitor(asm) {
public void visit(int version, int access, java.lang.String name, java.lang.String signature, java.lang.String superName, java.lang.String[] interfaces) {
public void visit(int version, int access, java.lang.String name, java.lang.String signature,
java.lang.String superName, java.lang.String[] interfaces) {
versionStore[0] = version;
}
};
(new ClassReader(vf.contentsToByteArray())).accept(versionGetter, ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
(new ClassReader(vf.contentsToByteArray())).accept(versionGetter,
ClassReader.SKIP_CODE | ClassReader.SKIP_DEBUG | ClassReader.SKIP_FRAMES);
return new TrapClassVersion(versionStore[0] & 0xffff, versionStore[0] >> 16, getVirtualFileTimeStamp(vf, log), "kotlin");
}
catch(IllegalAccessException e) {
return new TrapClassVersion(versionStore[0] & 0xffff, versionStore[0] >> 16,
getVirtualFileTimeStamp(vf, log), "kotlin");
} catch (IllegalAccessException e) {
log.warn("Failed to read class file version information", e);
return new TrapClassVersion(-1, 0, 0, null);
}
catch(IOException e) {
} catch (IOException e) {
log.warn("Failed to read class file version information", e);
return new TrapClassVersion(-1, 0, 0, null);
}
}
private boolean isValid() {
return majorVersion>=0 && minorVersion>=0;
return majorVersion >= 0 && minorVersion >= 0;
}
@Override
public String toString() {
return majorVersion + "." + minorVersion + "-" + lastModified + "-" + extractorName;


@@ -1,100 +0,0 @@
package com.semmle.util.extraction;
import java.io.BufferedReader;
import java.io.File;
import java.io.FileReader;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import com.semmle.util.exception.ResourceError;
import com.semmle.util.files.FileUtil;
import com.semmle.util.process.Env;
import com.semmle.util.trap.pathtransformers.PathTransformer;
/**
* A file listing patterns of source files and which ODASA project
* each should be populated to (if any).
*/
public class PopulationSpecFile {
private final List<SpecFileEntry> specs = new ArrayList<SpecFileEntry>();
public PopulationSpecFile(File specFile) {
FileReader fileReader = null;
BufferedReader reader = null;
try {
fileReader = new FileReader(specFile);
reader = new BufferedReader(fileReader);
File dbPath = null;
File trapFolder = null;
File sourceArchivePath = null;
List<String> patterns = new ArrayList<String>();
String line;
while ((line = reader.readLine()) != null) {
line = line.trim();
if (line.length() == 0 || line.startsWith("@"))
continue;
if (line.startsWith("#")) {
if (dbPath != null)
specs.add(new SpecFileEntry(trapFolder, sourceArchivePath, patterns));
dbPath = null;
sourceArchivePath = null;
patterns = new ArrayList<String>();
} else if (line.startsWith("TRAP_FOLDER=")) {
trapFolder = new File(line.substring("TRAP_FOLDER=".length()));
} else if (line.startsWith("ODASA_DB=")) {
dbPath = new File(line.substring("ODASA_DB=".length()));
} else if (line.startsWith("SOURCE_ARCHIVE=")) {
sourceArchivePath = new File(line.substring("SOURCE_ARCHIVE=".length()));
} else if (line.startsWith("BUILD_ERROR_DIR=")) {
// Accept and ignore for backwards compatibility
} else if (line.startsWith("-")) {
File path = new File(line.substring(1).trim());
patterns.add("-" + normalisePathAndCase(path) + "/");
} else {
File path = new File(line);
patterns.add(normalisePathAndCase(path) + "/");
}
}
if (dbPath != null)
specs.add(new SpecFileEntry(trapFolder, sourceArchivePath, patterns));
} catch (IOException e) {
throw new ResourceError("I/O error while reading specification file at " + specFile, e);
} finally {
FileUtil.close(reader);
FileUtil.close(fileReader);
}
}
/**
* Get the entry for a file, or <code>null</code> if there is no matching entry
*/
public SpecFileEntry getEntryFor(File f) {
String path = normalisePathAndCase(f);
for (SpecFileEntry entry : specs)
if (entry.matches(path))
return entry;
return null;
}
/**
* Normalises the path like {@link PathTransformer#fileAsDatabaseString(File)}, and, in
* addition, converts it to all-lowercase if we're on a case-insensitive
* filesystem.
* @param file the file to normalise
* @return a normalised path that is lowercased if the file system is case-insensitive.
*/
private static String normalisePathAndCase(File file) {
String path = PathTransformer.std().fileAsDatabaseString(file);
if (!Env.getOS().isFileSystemCaseSensitive())
path = path.toLowerCase();
return path;
}
}


@@ -50,10 +50,6 @@ public class Env {
* The location of any caches used by the toolchain, including compilation caches, trap caches, etc.
*/
SEMMLE_CACHE,
/**
* The location of the toolchain files, including the odasa jar, our queries etc.
*/
SEMMLE_DIST,
/**
* If running from a git tree, the root of the tree.
*/


@@ -1511,6 +1511,8 @@ open class KotlinUsesExtractor(
}
}
}
is IrDynamicType -> {}
is IrErrorType -> {}
}
return t
}
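Review bot: The two added branches `is IrDynamicType -> {}` and `is IrErrorType -> {}` are empty and carry no comment, so a reader cannot tell whether doing nothing is deliberate or only there to make the `when` exhaustive. A one-line comment above them, for example `// dynamic and error types have nothing to register here; listed so the when stays exhaustive` (wording for the author to confirm), would settle that. For `IrErrorType` it may also be worth a debug-level log line, since silently skipping it hides that an unresolved type reached this point; this is inferred from the type name only. The enclosing function begins outside the hunk.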


@@ -0,0 +1,5 @@
package com.github.codeql.utils.versions
import org.jetbrains.kotlin.ir.types.IrSimpleType
fun getKotlinType(s: IrSimpleType) = s.originalKotlinType


@@ -0,0 +1,47 @@
# when updating this list, `bazel mod tidy` should be run from `codeql` to update `MODULE.bazel`
VERSIONS = [
"1.5.0",
"1.5.10",
"1.5.20",
"1.5.30",
"1.6.0",
"1.6.20",
"1.7.0",
"1.7.20",
"1.8.0",
"1.9.0-Beta",
"1.9.20-Beta",
"2.0.0-RC1",
"2.0.20-Beta2",
]
def _version_to_tuple(v):
# we ignore the tag when comparing versions, for example 1.9.0-Beta <= 1.9.0
v, _, ignored_tag = v.partition("-")
return tuple([int(x) for x in v.split(".")])
def version_less(lhs, rhs):
return _version_to_tuple(lhs) < _version_to_tuple(rhs)
def get_language_version(version):
major, minor, _ = _version_to_tuple(version)
return "%s.%s" % (major, minor)
def _basename(path):
if "/" not in path:
return path
return path[path.rindex("/") + 1:]
def get_compatilibity_sources(version, dir):
prefix = "%s/v_" % dir
available = native.glob(["%s*" % prefix], exclude_directories = 0)
# we want files with the same base name to replace ones for previous versions, hence the map
srcs = {}
for d in available:
compat_version = d[len(prefix):].replace("_", ".")
if version_less(version, compat_version):
break
files = native.glob(["%s/*.kt" % d])
srcs |= {_basename(f): f for f in files}
return srcs.values()
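Review bot: In `get_compatilibity_sources` the loop stops with `break` at the first directory newer than `version`, which is only correct if `native.glob` hands back the `v_*` directories in version order. Glob results are ordered as strings, so a future `v_1_10_0` would be visited before `v_1_5_0`, and the scan would either end early or let an older file replace a newer one in `srcs`. Ordering by the parsed version removes that dependency: `versioned = sorted([(_version_to_tuple(d[len(prefix):].replace("_", ".")), d) for d in available])`, then iterate over `versioned` and compare the tuple directly. Separately, the function name misspells "compatibility"; renaming it would need the callers updated, which are not visible here.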


@@ -159,11 +159,7 @@ predicate sinkModelTallyPerQuery(string queryName, int alertCount, SinkModel sin
SinkTallier<RequestForgeryConfig>::getSinkModelCount(alertCount, sinkModel)
or
queryName = "java/command-line-injection" and
exists(int c1, int c2 |
SinkTallier<RemoteUserInputToArgumentToExecFlowConfig>::getSinkModelCount(c1, sinkModel) and
SinkTallier<LocalUserInputToArgumentToExecFlowConfig>::getSinkModelCount(c2, sinkModel) and
alertCount = c1 + c2
)
SinkTallier<InputToArgumentToExecFlowConfig>::getSinkModelCount(alertCount, sinkModel)
or
queryName = "java/concatenated-sql-query" and
SinkTallier<UncontrolledStringBuilderSourceFlowConfig>::getSinkModelCount(alertCount, sinkModel)


@@ -1,3 +1,25 @@
## 1.0.3
No user-facing changes.
## 1.0.2
No user-facing changes.
## 1.0.1
No user-facing changes.
## 1.0.0
### Breaking Changes
* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.
## 0.0.23
No user-facing changes.
## 0.0.22
No user-facing changes.


@@ -0,0 +1,3 @@
## 0.0.23
No user-facing changes.


@@ -0,0 +1,5 @@
## 1.0.0
### Breaking Changes
* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.


@@ -0,0 +1,3 @@
## 1.0.1
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.0.2
No user-facing changes.


@@ -0,0 +1,3 @@
## 1.0.3
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 0.0.22
lastReleaseVersion: 1.0.3


@@ -1,5 +1,5 @@
name: codeql/java-automodel-queries
version: 0.0.23-dev
version: 1.0.4-dev
groups:
- java
- automodel


@@ -0,0 +1,4 @@
---
category: breaking
---
* CodeQL package management is now generally available, and all GitHub-produced CodeQL packages have had their version numbers increased to 1.0.0.


@@ -1,5 +1,5 @@
name: codeql/java-automodel-tests
version: 0.0.1-dev
version: 1.0.0-dev
groups:
- java
- automodel


@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf


@@ -0,0 +1,37 @@
HELP.md
.gradle
build/
!gradle/wrapper/gradle-wrapper.jar
!**/src/main/**/build/
!**/src/test/**/build/
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
bin/
!**/src/main/**/bin/
!**/src/test/**/bin/
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
out/
!**/src/main/**/out/
!**/src/test/**/out/
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
### VS Code ###
.vscode/


@@ -0,0 +1,13 @@
plugins {
/**
* Use `apply false` in the top-level build.gradle file to add a Gradle
* plugin as a build dependency but not apply it to the current (root)
* project. Don't use `apply false` in sub-projects. For more information,
* see Applying external plugins with same version to subprojects.
*/
id 'com.android.application' version '8.0.0' apply false
id 'com.android.library' version '8.0.0' apply false
id 'org.jetbrains.kotlin.android' version '1.7.20' apply false
}


@@ -0,0 +1,4 @@
# We currently have a bug where gradle tests become flaky when executed in parallel
# - sometimes, gradle fails to connect to the gradle daemon.
# Therefore, force this test to run sequentially.
# Additionally, Android SDK on-demand downloading can fail when multiple tests try to download the same SDK in parallel.


@@ -0,0 +1,5 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-8.0-bin.zip
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
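Review bot: `distributionUrl` pins a Gradle version but the file has no `distributionSha256Sum`, so the wrapper runs whatever archive the download returns without comparing it to a known digest. Adding `distributionSha256Sum=<SHA-256 of gradle-8.0-bin.zip as published by Gradle>` makes the wrapper refuse a substituted or corrupted distribution. The `.gitignore` added in this commit un-ignores `gradle/wrapper/gradle-wrapper.jar`, so the committed jar is a binary that executes on every build; checking it against Gradle's published wrapper checksums in CI would cover that half as well.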


@@ -0,0 +1,240 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/master/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
APP_NAME="Gradle"
APP_BASE_NAME=${0##*/}
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"


@@ -0,0 +1,91 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega


@@ -0,0 +1,58 @@
/**
* The first line in the build configuration applies the Android Gradle plugin
* to this build and makes the android block available to specify
* Android-specific build options.
*/
plugins {
id 'com.android.application'
}
/**
* The android block is where you configure all your Android-specific
* build options.
*/
android {
/**
* The app's namespace. Used primarily to access app resources.
*/
namespace 'com.github.androidsample'
/**
* compileSdk specifies the Android API level Gradle should use to
* compile your app. This means your app can use the API features included in
* this API level and lower.
*/
compileSdk 33
/**
* The defaultConfig block encapsulates default settings and entries for all
* build variants and can override some attributes in main/AndroidManifest.xml
* dynamically from the build system. You can configure product flavors to override
* these values for different versions of your app.
*/
defaultConfig {
// Uniquely identifies the package for publishing.
applicationId 'com.github.androidsample'
// Defines the minimum API level required to run the app.
minSdk 21
// Specifies the API level used to test the app.
targetSdk 33
// Defines the version number of your app.
versionCode 1
// Defines a user-friendly version name for your app.
versionName "1.0"
}
variantFilter { variant -> if (variant.buildType.name == "debug") { setIgnore(true) } }
}
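Review bot: The `variantFilter` line that closes the `android` block is the only setting in this file without a comment, and it is the one line that is not template boilerplate. It ignores the `debug` build type, which presumably is why the expected output added alongside it lists only release intermediates. A comment above it such as `// Skip the debug variant so only release outputs are built and extracted.` would record that intent for whoever next updates the fixture.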


@@ -0,0 +1,12 @@
<?xml version="1.0" encoding="utf-8"?>
<manifest xmlns:android="http://schemas.android.com/apk/res/android"
package="com.github.androidsample">
<application android:label="AndroidSample">
<activity android:name="Main" android:exported="true">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</application>
</manifest>
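Review bot: The `package="com.github.androidsample"` attribute on `<manifest>` repeats the `namespace` set in the build script added by this commit, assuming both files belong to the same module. Under Android Gradle Plugin 8, which the test script's comment indicates is the target, the namespace is taken from the build file and the manifest attribute is, as far as I know, reported as unsupported and ignored. Dropping it leaves `<manifest xmlns:android="http://schemas.android.com/apk/res/android">` and removes a source of build warnings. The explicit `android:exported="true"` on the launcher activity is expected and needs no change.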


@@ -0,0 +1,11 @@
package com.github.androidsample;
import android.app.Activity;
import android.os.Bundle;
public class Main extends Activity
{
@Override
public void onCreate(Bundle savedInstanceState) {
}
}
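Review bot: `Main.onCreate` overrides `Activity.onCreate` with an empty body and never calls the superclass method, which Android rejects at runtime with a `SuperNotCalledException`. The fixture is presumably only compiled for extraction and never launched, but the body should still be `super.onCreate(savedInstanceState);`. That keeps the sample a valid activity and means the release build does not depend on lint tolerating a missing super call.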


@@ -0,0 +1,40 @@
pluginManagement {
/**
* The pluginManagement {repositories {...}} block configures the
* repositories Gradle uses to search or download the Gradle plugins and
* their transitive dependencies. Gradle pre-configures support for remote
* repositories such as JCenter, Maven Central, and Ivy. You can also use
* local repositories or define your own remote repositories. The code below
* defines the Gradle Plugin Portal, Google's Maven repository,
* and the Maven Central Repository as the repositories Gradle should use to look for its
* dependencies.
*/
repositories {
gradlePluginPortal()
google()
mavenCentral()
}
}
dependencyResolutionManagement {
/**
* The dependencyResolutionManagement {repositories {...}}
* block is where you configure the repositories and dependencies used by
* all modules in your project, such as libraries that you are using to
* create your application. However, you should configure module-specific
* dependencies in each module-level build.gradle file. For new projects,
* Android Studio includes Google's Maven repository and the Maven Central
* Repository by default, but it does not configure any dependencies (unless
* you select a template that requires some).
*/
repositoriesMode.set(RepositoriesMode.FAIL_ON_PROJECT_REPOS)
repositories {
google()
mavenCentral()
}
}
rootProject.name = "Android Sample"
include ':project'
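Review bot: The comment inside `pluginManagement` still names JCenter among the remote repositories Gradle pre-configures, but JCenter has been sunset and the `repositories` block below it does not use it. Rewording the sentence to `Gradle pre-configures support for remote repositories such as Maven Central and Ivy.` stops the template text from pointing readers at a retired repository. The repository lists themselves, together with `RepositoriesMode.FAIL_ON_PROJECT_REPOS`, look reasonable for a fixture.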


@@ -0,0 +1,20 @@
#select
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-libraries.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-libraries.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/module.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-dependencies.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-libraries.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release-mainArtifact-libraries.xml |
| project/build/intermediates/incremental/lintVitalReportRelease/release.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalReportRelease/release.xml |
| project/build/intermediates/incremental/mergeReleaseAssets/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseAssets/merger.xml |
| project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseJniLibFolders/merger.xml |
| project/build/intermediates/incremental/mergeReleaseShaders/merger.xml:0:0:0:0 | project/build/intermediates/incremental/mergeReleaseShaders/merger.xml |
| project/build/intermediates/incremental/release/mergeReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/release/mergeReleaseResources/merger.xml |
| project/build/intermediates/incremental/release/packageReleaseResources/merger.xml:0:0:0:0 | project/build/intermediates/incremental/release/packageReleaseResources/merger.xml |
| project/build/intermediates/merged_manifest/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifest/release/AndroidManifest.xml |
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |


@@ -0,0 +1,10 @@
import sys
from create_database_utils import *
# Put Java 11 on the path so as to challenge our version selection logic: Java 11 is unsuitable for Android Gradle Plugin 8+,
# so it will be necessary to notice Java 17 available in the environment and actively select it.
try_use_java11()
run_codeql_database_create([], lang="java")
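Review bot: `import sys` is not used by any line shown in this new script, and `from create_database_utils import *` hides where `try_use_java11` and `run_codeql_database_create` come from. Naming them, as in `from create_database_utils import try_use_java11, run_codeql_database_create`, and dropping the unused import would make the script's dependencies readable at a glance. The hunk header counts more lines than are rendered here, so confirm against the original file that nothing else relies on `sys`.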


@@ -0,0 +1,7 @@
import java
from File f
where f.isSourceFile()
select f
query predicate xmlFiles(XmlFile x) { any() }


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -15,6 +18,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,6 +1,8 @@
import sys
from create_database_utils import *
from toolchains_test_utils import *
try_use_java11()
run_codeql_database_create([], lang="java")
toolchains_file = actions_expose_all_toolchains()
run_codeql_database_create([], lang="java", extra_env={"LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file})
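Review bot: The new `extra_env={"LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file}` argument has no comment saying what the toolchains file is for or why `try_use_java11()` is still called before it. If the intent is what the names suggest, a line above `toolchains_file = actions_expose_all_toolchains()` such as `# Expose the runner's JDKs through a toolchains file so the extractor can pick one other than the Java 11 on PATH.` would make the test's purpose clear. The same applies to the identical change in the other test script later on this page. The old and new `run_codeql_database_create` calls are printed together here, and I am reading the one without `extra_env` as the removed line.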


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |


@@ -1,7 +1,8 @@
import sys
from create_database_utils import *
from toolchains_test_utils import *
try_use_java11()
run_codeql_database_create([], lang="java")
toolchains_file = actions_expose_all_toolchains()
run_codeql_database_create([], lang="java", extra_env={"LGTM_INDEX_MAVEN_TOOLCHAINS_FILE": toolchains_file})


@@ -1,3 +1,6 @@
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
xmlFiles
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/module.xml |
| project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml:0:0:0:0 | project/build/intermediates/incremental/lintVitalAnalyzeRelease/release-mainArtifact-dependencies.xml |
@@ -18,6 +21,3 @@ xmlFiles
| project/build/intermediates/merged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/merged_manifests/release/AndroidManifest.xml |
| project/build/intermediates/packaged_manifests/release/AndroidManifest.xml:0:0:0:0 | project/build/intermediates/packaged_manifests/release/AndroidManifest.xml |
| project/src/main/AndroidManifest.xml:0:0:0:0 | project/src/main/AndroidManifest.xml |
#select
| project/build/generated/source/buildConfig/release/com/github/androidsample/BuildConfig.java:0:0:0:0 | BuildConfig |
| project/src/main/java/com/github/androidsample/Main.java:0:0:0:0 | Main |
