Merge branch 'main' into redsun82/kotlin

2026-04-22 15:25:18 +02:00 · 2024-04-16 16:13:31 +02:00
parent 306f0f172d 4886bb1116
commit a7411700ef
298 changed files with 3796 additions and 16152 deletions
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/buildless-fetches.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/buildless-fetches.expected
@@ -0,0 +1,5 @@
+https://repo.maven.apache.org/maven2/com/blazegraph/junit-ext/2.1.4/junit-ext-2.1.4.jar
+https://repo.maven.apache.org/maven2/com/greghaskins/spectrum/1.2.0/spectrum-1.2.0-tests.jar
+https://repo.maven.apache.org/maven2/com/pyx4me/cldcunit/2.0.4/cldcunit-2.0.4.jar
+https://repo.maven.apache.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+https://repo1.maven.org/maven2/junit/junit/9.9.9/junit-9.9.9.jar
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
@@ -0,0 +1,126 @@
+{
+  "markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
+  "severity": "warning",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/buildless/suggested-classpath-fetches-failed",
+    "name": "Some build-system suggested dependencies could not be fetched"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Buildless extraction tried and failed to fetch a jar (`https://repo1.maven.org/maven2, junit:junit:jar:9.9.9`). If a temporary network outage is likely, consider retrying the scan.",
+  "severity": "warning",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/buildless/jar-fetch-failed",
+    "name": "Fetching a dependency jar failed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/using-build-tool-advice",
+    "name": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis used the system default JDK.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/jdk-system-default",
+    "name": "Java analysis used the system default JDK"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java analysis with build-mode 'none' completed.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/complete",
+    "name": "Java analysis with build-mode 'none' completed"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Java was extracted with build-mode set to 'none'. This means that all Java source in the working directory will be scanned, with build tools such as Maven and Gradle only contributing information about external dependencies.",
+  "severity": "note",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/mode-active",
+    "name": "Java was extracted with build-mode set to 'none'"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Reading the dependency graph from build files provided 1 classpath entries",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-provided-by-maven",
+    "name": "Java analysis extracted precise dependency graph information from tool Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
+  "severity": "warning",
+  "source": {
+    "extractorName": "java",
+    "id": "java/autobuilder/buildless/depgraph-maven-plugin-transfer-exception",
+    "name": "Java analysis encountered a transfer exception dependency graph from Maven"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": true,
+    "telemetry": true
+  }
+}
+{
+  "markdownMessage": "Some classpath entries had to be inferred from external package names used in source code -- for example, guessing that if `javax.xml.bind` is referred to, then JAXB should be added to the classpath. This means that the dependency information extracted from build scripts was insufficient. The dependencies guessed this way might be the wrong versions, leading to failure to extract some uses of those external libraries. The cause may be missing dependencies that should be generated at build time -- in this case, consider using a build mode other than 'none'. See the full analysis log for details of the inferred classpath entries.",
+  "severity": "unknown",
+  "source": {
+    "extractorName": "java",
+    "id": "java/extractor/buildless/supplied-classpath-insufficient",
+    "name": "Some classpath entries were inferred from used external package names"
+  },
+  "visibility": {
+    "cliSummaryTable": true,
+    "statusPage": false,
+    "telemetry": true
+  }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/pom.xml
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/pom.xml
@@ -0,0 +1,81 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+  <modelVersion>4.0.0</modelVersion>
+
+  <groupId>dlfs</groupId>
+  <artifactId>asdkfj</artifactId>
+  <version>1.0-SNAPSHOT</version>
+
+  <name>asdkfj</name>
+  <description>A simple asdkfj.</description>
+  <!-- FIXME change it to the project's website -->
+  <url>http://www.example.com</url>
+
+  <properties>
+    <project.build.sourceEncoding>UTF-8</project.build.sourceEncoding>
+    <maven.compiler.source>1.7</maven.compiler.source>
+    <maven.compiler.target>1.7</maven.compiler.target>
+  </properties>
+
+  <repositories>
+    <repository>
+      <id>my-repo1</id>
+      <name>your custom repo</name>
+      <url>https://saldkfjadksfj.info/releases</url>
+    </repository>
+  </repositories>
+
+  <dependencies>
+    <dependency>
+      <groupId>junit</groupId>
+      <artifactId>junit</artifactId>
+      <version>9.9.9</version>
+    </dependency>
+  </dependencies>
+
+  <build>
+    <pluginManagement><!-- lock down plugins versions to avoid using Maven defaults (may be moved to parent pom) -->
+      <plugins>
+        <plugin>
+          <artifactId>maven-clean-plugin</artifactId>
+          <version>3.1.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-site-plugin</artifactId>
+          <version>3.7.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-project-info-reports-plugin</artifactId>
+          <version>3.0.0</version>
+        </plugin>
+        <!-- see http://maven.apache.org/ref/current/maven-core/default-bindings.html#Plugin_bindings_for_jar_packaging -->
+        <plugin>
+          <artifactId>maven-resources-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-compiler-plugin</artifactId>
+          <version>3.8.0</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-surefire-plugin</artifactId>
+          <version>2.22.1</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-jar-plugin</artifactId>
+          <version>3.0.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-install-plugin</artifactId>
+          <version>2.5.2</version>
+        </plugin>
+        <plugin>
+          <artifactId>maven-deploy-plugin</artifactId>
+          <version>2.8.2</version>
+        </plugin>
+      </plugins>
+    </pluginManagement>
+  </build>
+</project>
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/main/java/dlfs/App.java
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/main/java/dlfs/App.java
@@ -0,0 +1,13 @@
+package dlfs;
+
+/**
+ * Hello world!
+ *
+ */
+public class App 
+{
+    public static void main( String[] args )
+    {
+        System.out.println( "Hello World!" );
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/site/site.xml
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/site/site.xml
@@ -0,0 +1,26 @@
+<?xml version="1.0" encoding="UTF-8"?>
+
+<project name="asdkfj" xmlns="http://maven.apache.org/DECORATION/1.8.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+  xsi:schemaLocation="http://maven.apache.org/DECORATION/1.8.0 http://maven.apache.org/xsd/decoration-1.8.0.xsd">
+  <bannerLeft>
+    <name>asdkfj</name>
+    <src>https://maven.apache.org/images/apache-maven-project.png</src>
+    <href>https://www.apache.org/</href>
+  </bannerLeft>
+
+  <bannerRight>
+    <src>https://maven.apache.org/images/maven-logo-black-on-white.png</src>
+    <href>https://maven.apache.org/</href>
+  </bannerRight>
+
+  <skin>
+    <groupId>org.apache.maven.skins</groupId>
+    <artifactId>maven-fluido-skin</artifactId>
+    <version>1.7</version>
+  </skin>
+
+  <body>
+    <menu ref="parent" />
+    <menu ref="reports" />
+  </body>
+</project>
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/test/java/dlfs/AppTest.java
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/src/test/java/dlfs/AppTest.java
@@ -0,0 +1,38 @@
+package dlfs;
+
+import junit.framework.Test;
+import junit.framework.TestCase;
+import junit.framework.TestSuite;
+
+/**
+ * Unit test for simple App.
+ */
+public class AppTest 
+    extends TestCase
+{
+    /**
+     * Create the test case
+     *
+     * @param testName name of the test case
+     */
+    public AppTest( String testName )
+    {
+        super( testName );
+    }
+
+    /**
+     * @return the suite of tests being tested
+     */
+    public static Test suite()
+    {
+        return new TestSuite( AppTest.class );
+    }
+
+    /**
+     * Rigourous Test :-)
+     */
+    public void testApp()
+    {
+        assertTrue( true );
+    }
+}
--- a/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/test.py
+++ b/java/ql/integration-tests/all-platforms/java/buildless-maven-tolerate-unavailable-dependency/test.py
@@ -0,0 +1,8 @@
+from create_database_utils import *
+from diagnostics_test_utils import *
+from buildless_test_utils import *
+
+run_codeql_database_create([], lang="java", extra_args=["--build-mode=none"])
+
+check_diagnostics()
+check_buildless_fetches()