diff --git a/java/ql/lib/ext/android.content.model.yml b/java/ql/lib/ext/android.content.model.yml index 23e3e376c12..a07799665db 100644 --- a/java/ql/lib/ext/android.content.model.yml +++ b/java/ql/lib/ext/android.content.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSourceModel data: + # ContentInterface models are here for backwards compatibility (it was removed in API 28) - ["android.content", "ContentInterface", True, "call", "(String,String,String,Bundle)", "", "Parameter[0..3]", "contentprovider", "manual"] - ["android.content", "ContentInterface", True, "delete", "(Uri,Bundle)", "", "Parameter[0..1]", "contentprovider", "manual"] - ["android.content", "ContentInterface", True, "getType", "(Uri)", "", "Parameter[0]", "contentprovider", "manual"] @@ -80,6 +81,7 @@ extensions: - ["android.content", "ComponentName", False, "unflattenFromString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["android.content", "ContentProvider", True, "query", "(Uri,String[],String,String[],String,CancellationSignal)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + # ContentProviderClient is tainted at its creation, not by its arguments - ["android.content", "ContentProviderClient", True, "applyBatch", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["android.content", "ContentProviderClient", True, "call", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["android.content", "ContentProviderClient", True, "canonicalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] @@ -132,6 +134,7 @@ extensions: - ["android.content", "ContentValues", False, "put", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] - ["android.content", "ContentValues", False, "putAll", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["android.content", "ContentValues", False, "putAll", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] + # Currently only the Extras part of the intent and the data field are fully modeled - ["android.content", "Intent", True, "Intent", "(Context,Class)", "", "Argument[1]", "Argument[-1]", "taint", "manual"] - ["android.content", "Intent", True, "Intent", "(Intent)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["android.content", "Intent", False, "Intent", "(Intent)", "", "Argument[0].SyntheticField[android.content.Intent.extras].MapKey", "Argument[-1].SyntheticField[android.content.Intent.extras].MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/android.os.model.yml b/java/ql/lib/ext/android.os.model.yml index 8581a3f47ae..32860445cf4 100644 --- a/java/ql/lib/ext/android.os.model.yml +++ b/java/ql/lib/ext/android.os.model.yml @@ -35,6 +35,7 @@ extensions: - ["android.os", "Bundle", False, "Bundle", "(PersistableBundle)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["android.os", "Bundle", True, "clone", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["android.os", "Bundle", True, "clone", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] + # Model for Bundle.deepCopy is not fully precise, as some map values aren't copied by value - ["android.os", "Bundle", True, "deepCopy", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["android.os", "Bundle", True, "deepCopy", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["android.os", "Bundle", True, "getBinder", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/android.webkit.model.yml b/java/ql/lib/ext/android.webkit.model.yml index a12ffdd44dd..c5a3ed8661f 100644 --- a/java/ql/lib/ext/android.webkit.model.yml +++ b/java/ql/lib/ext/android.webkit.model.yml @@ -9,6 +9,7 @@ extensions: pack: codeql/java-all extensible: extSinkModel data: + # Models representing methods susceptible to XSS attacks. - ["android.webkit", "WebView", False, "evaluateJavascript", "", "", "Argument[0]", "xss", "manual"] - ["android.webkit", "WebView", False, "loadData", "", "", "Argument[0]", "xss", "manual"] - ["android.webkit", "WebView", False, "loadDataWithBaseURL", "", "", "Argument[1]", "xss", "manual"] diff --git a/java/ql/lib/ext/com.google.common.cache.model.yml b/java/ql/lib/ext/com.google.common.cache.model.yml index 673ee594992..852542d19d6 100644 --- a/java/ql/lib/ext/com.google.common.cache.model.yml +++ b/java/ql/lib/ext/com.google.common.cache.model.yml @@ -5,7 +5,9 @@ extensions: data: - ["com.google.common.cache", "Cache", True, "asMap", "()", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["com.google.common.cache", "Cache", True, "asMap", "()", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] + # Lambda flow from Argument[1] not implemented - ["com.google.common.cache", "Cache", True, "get", "(Object,Callable)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] + # The true flow to MapKey of ReturnValue for getAllPresent is the intersection of the these inputs, but intersections cannot be modeled fully accurately. - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["com.google.common.cache", "Cache", True, "getAllPresent", "(Iterable)", "", "Argument[0].Element", "ReturnValue.MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/com.google.common.collect.model.yml b/java/ql/lib/ext/com.google.common.collect.model.yml index 434fb34d728..98124e42679 100644 --- a/java/ql/lib/ext/com.google.common.collect.model.yml +++ b/java/ql/lib/ext/com.google.common.collect.model.yml @@ -3,6 +3,8 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Methods depending on lambda flow are not currently modeled + # Methods depending on stronger aliasing properties than we support are also not modeled. - ["com.google.common.collect", "ArrayListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["com.google.common.collect", "ArrayListMultimap", True, "create", "(Multimap)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["com.google.common.collect", "ArrayTable", True, "create", "(Iterable,Iterable)", "", "Argument[0].Element", "ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey]", "value", "manual"] diff --git a/java/ql/lib/ext/jakarta.ws.rs.core.model.yml b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml index 1f1cc59d161..44c8ed66881 100644 --- a/java/ql/lib/ext/jakarta.ws.rs.core.model.yml +++ b/java/ql/lib/ext/jakarta.ws.rs.core.model.yml @@ -27,6 +27,9 @@ extensions: - ["jakarta.ws.rs.core", "Form", True, "param", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"] - ["jakarta.ws.rs.core", "GenericEntity", False, "GenericEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["jakarta.ws.rs.core", "GenericEntity", True, "getEntity", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + # Methods that Date have to be syntax-checked, but those returning MediaType + # or Locale are assumed potentially dangerous, as these types do not generally check that the + # input data is recognised, only that it conforms to the expected syntax. - ["jakarta.ws.rs.core", "HttpHeaders", True, "getAcceptableLanguages", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "HttpHeaders", True, "getAcceptableMediaTypes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "HttpHeaders", True, "getCookies", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] @@ -63,9 +66,13 @@ extensions: - ["jakarta.ws.rs.core", "NewCookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "PathSegment", True, "getMatrixParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "PathSegment", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + # The returned ResponseBuilder gains taint from a tainted entity or existing Response - ["jakarta.ws.rs.core", "Response", False, "accepted", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "Response", False, "fromResponse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "Response", False, "ok", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + # Becomes tainted by a tainted entity, but not by metadata, headers etc + # Build() method returns taint + # Almost all methods are fluent, and so preserve value - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "allow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["jakarta.ws.rs.core", "Response$ResponseBuilder", True, "cacheControl", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index a593f0e7bf7..43c19fedbff 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -24,10 +24,12 @@ extensions: data: - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] diff --git a/java/ql/lib/ext/java.util.stream.model.yml b/java/ql/lib/ext/java.util.stream.model.yml index 431829ec322..ae453444faf 100644 --- a/java/ql/lib/ext/java.util.stream.model.yml +++ b/java/ql/lib/ext/java.util.stream.model.yml @@ -16,6 +16,7 @@ extensions: - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[1].Parameter[0]", "Argument[2].Parameter[0..1]", "value", "manual"] - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[1].Parameter[0]", "ReturnValue", "value", "manual"] - ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[2].Parameter[0..1]", "Argument[1].Parameter[0]", "value", "manual"] + # collect(Collector collector) is handled separately on a case-by-case basis as it is too complex for MaD - ["java.util.stream", "Stream", True, "concat", "(Stream,Stream)", "", "Argument[0..1].Element", "ReturnValue.Element", "value", "manual"] - ["java.util.stream", "Stream", True, "distinct", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.util.stream", "Stream", True, "dropWhile", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] @@ -43,6 +44,9 @@ extensions: - ["java.util.stream", "Stream", True, "limit", "(long)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] + # Missing for mapMulti(BiConsumer) (not currently supported): + # Argument[0] of Parameter[1] of Argument[0] -> Element of Parameter[1] of Argument[0] + # Element of Parameter[1] of Argument[0] -> Element of ReturnValue - ["java.util.stream", "Stream", True, "mapMulti", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["java.util.stream", "Stream", True, "mapMultiToDouble", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] - ["java.util.stream", "Stream", True, "mapMultiToInt", "(BiConsumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] diff --git a/java/ql/lib/ext/javax.jms.model.yml b/java/ql/lib/ext/javax.jms.model.yml index 9f153e35370..9ccf3e7a379 100644 --- a/java/ql/lib/ext/javax.jms.model.yml +++ b/java/ql/lib/ext/javax.jms.model.yml @@ -1,3 +1,8 @@ + # This model covers JMS API versions 1 and 2. + # + # https://docs.oracle.com/javaee/6/api/javax/jms/package-summary.html + # https://docs.oracle.com/javaee/7/api/javax/jms/package-summary.html + # extensions: - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/javax.ws.rs.core.model.yml b/java/ql/lib/ext/javax.ws.rs.core.model.yml index 079f1afa9d2..3c1611970f9 100644 --- a/java/ql/lib/ext/javax.ws.rs.core.model.yml +++ b/java/ql/lib/ext/javax.ws.rs.core.model.yml @@ -28,6 +28,9 @@ extensions: - ["javax.ws.rs.core", "Form", True, "param", "", "", "Argument[0..1]", "Argument[-1]", "taint", "manual"] - ["javax.ws.rs.core", "GenericEntity", False, "GenericEntity", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["javax.ws.rs.core", "GenericEntity", True, "getEntity", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + # Methods that Date have to be syntax-checked, but those returning MediaType + # or Locale are assumed potentially dangerous, as these types do not generally check that the + # input data is recognised, only that it conforms to the expected syntax. - ["javax.ws.rs.core", "HttpHeaders", True, "getAcceptableLanguages", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "HttpHeaders", True, "getAcceptableMediaTypes", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "HttpHeaders", True, "getCookies", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] @@ -64,9 +67,13 @@ extensions: - ["javax.ws.rs.core", "NewCookie", False, "valueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "PathSegment", True, "getMatrixParameters", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "PathSegment", True, "getPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + # The returned ResponseBuilder gains taint from a tainted entity or existing Response - ["javax.ws.rs.core", "Response", False, "accepted", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "Response", False, "fromResponse", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "Response", False, "ok", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + # Becomes tainted by a tainted entity, but not by metadata, headers etc + # Build() method returns taint + # Almost all methods are fluent, and so preserve value - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "allow", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "build", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["javax.ws.rs.core", "Response$ResponseBuilder", True, "cacheControl", "", "", "Argument[-1]", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/jodd.json.model.yml b/java/ql/lib/ext/jodd.json.model.yml index 6335ce520c0..6187110797d 100644 --- a/java/ql/lib/ext/jodd.json.model.yml +++ b/java/ql/lib/ext/jodd.json.model.yml @@ -1,3 +1,9 @@ + # A partial model of jodd.json.JsonParser noting fluent methods. + # + # This means that DataFlow::localFlow and similar methods are aware + # that the result of (e.g.) JsonParser.allowClass is an alias of the + # qualifier. + # extensions: - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml b/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml index ae77069bdee..55ab021d9ff 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.bag.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag - ["org.apache.commons.collections.bag", "AbstractBagDecorator", True, "AbstractBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.bag", "AbstractMapBag", True, "AbstractMapBag", "", "", "Argument[0].MapKey", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.bag", "AbstractMapBag", True, "getMap", "", "", "Argument[-1].Element", "ReturnValue.MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml b/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml index 53e523e74ed..a2cdd0a2d80 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.collection.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedCollection - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "AbstractCollectionDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "decorated", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections.collection", "AbstractCollectionDecorator", True, "setCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml b/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml index d5cf30ca7cc..d65fc0e6f93 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.iterators.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformIterator - ["org.apache.commons.collections.iterators", "AbstractIteratorDecorator", True, "AbstractIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.iterators", "AbstractListIteratorDecorator", True, "AbstractListIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.iterators", "AbstractListIteratorDecorator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml b/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml index 679da24a74c..9c7e0fd4bca 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.keyvalue.model.yml @@ -3,6 +3,9 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`, + # and when more general callable flow is supported we should model the package + # `org.apache.commons.collections4.sequence`. - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.list.model.yml b/java/ql/lib/ext/org.apache.commons.collections.list.model.yml index d97d893a2c0..53ad3035659 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.list.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.list.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedList - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "AbstractLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "addFirst", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.list", "AbstractLinkedList", True, "addLast", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.map.model.yml b/java/ql/lib/ext/org.apache.commons.collections.map.model.yml index 85b368c7fcd..a6280315075 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.map.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.map.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap - ["org.apache.commons.collections.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.model.yml b/java/ql/lib/ext/org.apache.commons.collections.model.yml index 13192b5a709..5846d092b5c 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.model.yml @@ -3,6 +3,13 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform + # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`, + # and when more general callable flow is supported we should model the package + # `org.apache.commons.collections4.sequence`. + # Note that when lambdas are supported we should have more models for populateMap + # Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform + # Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator - ["org.apache.commons.collections", "ArrayStack", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections", "ArrayStack", True, "pop", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections", "ArrayStack", True, "push", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] @@ -60,6 +67,7 @@ extensions: - ["org.apache.commons.collections", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections", "CollectionUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "CollectionUtils", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that `CollectionUtils.transformingCollection` does not transform existing list elements - ["org.apache.commons.collections", "CollectionUtils", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "CollectionUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "CollectionUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] @@ -191,6 +199,7 @@ extensions: - ["org.apache.commons.collections", "ListUtils", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] + # Note that `ListUtils.lazyList` does not transform existing list elements - ["org.apache.commons.collections", "ListUtils", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"] @@ -208,10 +217,13 @@ extensions: - ["org.apache.commons.collections", "ListUtils", True, "sum", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "sum", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "synchronizedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that `ListUtils.transformedList` does not transform existing list elements - ["org.apache.commons.collections", "ListUtils", True, "transformedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections", "ListUtils", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that MapIterator implements Iterator, so it iterates over the keys of the map. + # In order for the models of Iterator to work we have to use Element instead of MapKey for key data. - ["org.apache.commons.collections", "MapIterator", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections", "MapIterator", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections", "MapIterator", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml index be759e9ccbb..d1d0b5a885c 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.multimap.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedMultiValuedMap - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"] - ["org.apache.commons.collections.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml b/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml index 41c40f6fb4c..5a9db9599d4 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.queue.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedQueue - ["org.apache.commons.collections.queue", "CircularFifoQueue", True, "CircularFifoQueue", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.queue", "CircularFifoQueue", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections.queue", "PredicatedQueue", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.set.model.yml b/java/ql/lib/ext/org.apache.commons.collections.set.model.yml index 56f97fd9b2e..019f862568d 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.set.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.set.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedNavigableSet - ["org.apache.commons.collections.set", "AbstractNavigableSetDecorator", True, "AbstractNavigableSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.set", "AbstractSetDecorator", True, "AbstractSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections.set", "AbstractSortedSetDecorator", True, "AbstractSortedSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml b/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml index 307081c6171..447b3533fbc 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.splitmap.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedSplitMap - ["org.apache.commons.collections.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml b/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml index 1312bd074b8..451e0b60bc7 100644 --- a/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections.trie.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedSplitMap - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["org.apache.commons.collections.trie", "AbstractPatriciaTrie", True, "selectKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml index 5261491c1c7..ddc26f49b7f 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.bag.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag - ["org.apache.commons.collections4.bag", "AbstractBagDecorator", True, "AbstractBagDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.bag", "AbstractMapBag", True, "AbstractMapBag", "", "", "Argument[0].MapKey", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.bag", "AbstractMapBag", True, "getMap", "", "", "Argument[-1].Element", "ReturnValue.MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml index 1c53d650fd3..f3ac93c242d 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.collection.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedCollection - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "AbstractCollectionDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "decorated", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4.collection", "AbstractCollectionDecorator", True, "setCollection", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml index ca86086d08b..f6671a823c4 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.iterators.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformIterator - ["org.apache.commons.collections4.iterators", "AbstractIteratorDecorator", True, "AbstractIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.iterators", "AbstractListIteratorDecorator", True, "AbstractListIteratorDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.iterators", "AbstractListIteratorDecorator", True, "getListIterator", "", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml index b62873ed707..aa4a663115e 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.keyvalue.model.yml @@ -3,6 +3,9 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`, + # and when more general callable flow is supported we should model the package + # `org.apache.commons.collections4.sequence`. - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "AbstractKeyValue", "", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections4.keyvalue", "AbstractKeyValue", True, "setKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml index 4307d7f1a92..7d82ffdcfa5 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.list.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedList - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "AbstractLinkedList", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "addFirst", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.list", "AbstractLinkedList", True, "addLast", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml index 77b0d66f081..52d1221ed1d 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.map.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap - ["org.apache.commons.collections4.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections4.map", "AbstractHashedMap", True, "AbstractHashedMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections4.map", "AbstractLinkedMap", True, "AbstractLinkedMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.model.yml index c3e91e9939b..ce5fc6b9fe9 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.model.yml @@ -3,6 +3,13 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform + # Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`, + # and when more general callable flow is supported we should model the package + # `org.apache.commons.collections4.sequence`. + # Note that when lambdas are supported we should have more models for populateMap + # Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform + # Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator - ["org.apache.commons.collections4", "ArrayStack", True, "peek", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4", "ArrayStack", True, "pop", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4", "ArrayStack", True, "push", "", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] @@ -60,6 +67,7 @@ extensions: - ["org.apache.commons.collections4", "CollectionUtils", True, "selectRejected", "(Iterable,Predicate,Collection)", "", "Argument[2]", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4", "CollectionUtils", True, "subtract", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "CollectionUtils", True, "synchronizedCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that `CollectionUtils.transformingCollection` does not transform existing list elements - ["org.apache.commons.collections4", "CollectionUtils", True, "transformingCollection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "CollectionUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "CollectionUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] @@ -191,6 +199,7 @@ extensions: - ["org.apache.commons.collections4", "ListUtils", True, "fixedSizeList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "intersection", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "intersection", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] + # Note that `ListUtils.lazyList` does not transform existing list elements - ["org.apache.commons.collections4", "ListUtils", True, "lazyList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "longestCommonSubsequence", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"] @@ -208,10 +217,13 @@ extensions: - ["org.apache.commons.collections4", "ListUtils", True, "sum", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "sum", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "synchronizedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that `ListUtils.transformedList` does not transform existing list elements - ["org.apache.commons.collections4", "ListUtils", True, "transformedList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "union", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "union", "", "", "Argument[1].Element", "ReturnValue.Element", "value", "manual"] - ["org.apache.commons.collections4", "ListUtils", True, "unmodifiableList", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] + # Note that MapIterator implements Iterator, so it iterates over the keys of the map. + # In order for the models of Iterator to work we have to use Element instead of MapKey for key data. - ["org.apache.commons.collections4", "MapIterator", True, "getKey", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4", "MapIterator", True, "getValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4", "MapIterator", True, "setValue", "", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml index 0611ffb8e90..3812b6766fd 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.multimap.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedMultiValuedMap - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue.Element", "value", "manual"] - ["org.apache.commons.collections4.multimap", "ArrayListValuedHashMap", True, "ArrayListValuedHashMap", "(MultiValuedMap)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml index e4385072bc6..f9067b758e9 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.queue.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedQueue - ["org.apache.commons.collections4.queue", "CircularFifoQueue", True, "CircularFifoQueue", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.queue", "CircularFifoQueue", True, "get", "", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] - ["org.apache.commons.collections4.queue", "PredicatedQueue", True, "predicatedQueue", "", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml index e6df878695e..63ac0c91141 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.set.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedNavigableSet - ["org.apache.commons.collections4.set", "AbstractNavigableSetDecorator", True, "AbstractNavigableSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.set", "AbstractSetDecorator", True, "AbstractSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] - ["org.apache.commons.collections4.set", "AbstractSortedSetDecorator", True, "AbstractSortedSetDecorator", "", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml index 4be99cb8ec9..5a1de63ba6a 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.splitmap.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedSplitMap - ["org.apache.commons.collections4.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"] - ["org.apache.commons.collections4.splitmap", "AbstractIterableGetMapDecorator", True, "AbstractIterableGetMapDecorator", "", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"] - ["org.apache.commons.collections4.splitmap", "TransformedSplitMap", True, "transformingMap", "", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml b/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml index 44d64dda75d..1f33d441e18 100644 --- a/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml +++ b/java/ql/lib/ext/org.apache.commons.collections4.trie.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Note that when lambdas are supported we should have more models for TransformedSplitMap - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapKey", "ReturnValue.MapKey", "value", "manual"] - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "select", "", "", "Argument[-1].MapValue", "ReturnValue.MapValue", "value", "manual"] - ["org.apache.commons.collections4.trie", "AbstractPatriciaTrie", True, "selectKey", "", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml index c135623eff6..6cb7aa0b251 100644 --- a/java/ql/lib/ext/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/org.apache.commons.io.model.yml @@ -3,6 +3,10 @@ extensions: pack: codeql/java-all extensible: extSummaryModel data: + # Models that are not yet auto generated or where the generated summaries will + # be ignored. + # Note that if a callable has any handwritten summary, all generated summaries + # will be ignored for that callable. - ["org.apache.commons.io", "IOUtils", False, "toBufferedInputStream", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["org.apache.commons.io", "IOUtils", True, "toByteArray", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["org.apache.commons.io", "IOUtils", True, "toByteArray", "(Reader,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.lang3.model.yml b/java/ql/lib/ext/org.apache.commons.lang3.model.yml index 4b0c89d2731..3fda3a551af 100644 --- a/java/ql/lib/ext/org.apache.commons.lang3.model.yml +++ b/java/ql/lib/ext/org.apache.commons.lang3.model.yml @@ -1,4 +1,14 @@ extensions: + - addsTo: + pack: codeql/java-all + extensible: extSinkModel + data: + - ["org.apache.commons.lang3", "RegExUtils", False, "removeAll", "(String,String)", "", "Argument[1]", "regex-use", "manual"] + - ["org.apache.commons.lang3", "RegExUtils", False, "removeFirst", "(String,String)", "", "Argument[1]", "regex-use", "manual"] + - ["org.apache.commons.lang3", "RegExUtils", False, "removePattern", "(String,String)", "", "Argument[1]", "regex-use", "manual"] + - ["org.apache.commons.lang3", "RegExUtils", False, "replaceAll", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"] + - ["org.apache.commons.lang3", "RegExUtils", False, "replaceFirst", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"] + - ["org.apache.commons.lang3", "RegExUtils", False, "replacePattern", "(String,String,String)", "", "Argument[1]", "regex-use", "manual"] - addsTo: pack: codeql/java-all extensible: extSummaryModel diff --git a/java/ql/lib/ext/org.springframework.web.util.model.yml b/java/ql/lib/ext/org.springframework.web.util.model.yml index c3f70b66cf8..151be5867e0 100644 --- a/java/ql/lib/ext/org.springframework.web.util.model.yml +++ b/java/ql/lib/ext/org.springframework.web.util.model.yml @@ -6,6 +6,7 @@ extensions: - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "getBaseUrl", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "setBaseUrl", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["org.springframework.web.util", "AbstractUriTemplateHandler", True, "setDefaultUriVariables", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] + # Writing to a `Request` or `Response` currently doesn't propagate taint to the object itself. - ["org.springframework.web.util", "ContentCachingRequestWrapper", False, "ContentCachingRequestWrapper", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] - ["org.springframework.web.util", "ContentCachingRequestWrapper", False, "getContentAsByteArray", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["org.springframework.web.util", "ContentCachingResponseWrapper", False, "ContentCachingResponseWrapper", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"] diff --git a/java/ql/lib/ext/ratpack.core.handling.model.yml b/java/ql/lib/ext/ratpack.core.handling.model.yml index edb02aaeced..7662cc6c79d 100644 --- a/java/ql/lib/ext/ratpack.core.handling.model.yml +++ b/java/ql/lib/ext/ratpack.core.handling.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSourceModel data: + # All Context#parse methods that return a Promise are remote flow sources. - ["ratpack.core.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken)", "", "ReturnValue", "remote", "manual"] - ["ratpack.core.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken,java.lang.Object)", "", "ReturnValue", "remote", "manual"] - ["ratpack.core.handling", "Context", True, "parse", "(java.lang.Class)", "", "ReturnValue", "remote", "manual"] diff --git a/java/ql/lib/ext/ratpack.func.model.yml b/java/ql/lib/ext/ratpack.func.model.yml index e850a8cbfe1..04e5a0cec8c 100644 --- a/java/ql/lib/ext/ratpack.func.model.yml +++ b/java/ql/lib/ext/ratpack.func.model.yml @@ -13,17 +13,21 @@ extensions: - ["ratpack.func", "Pair", True, "left", "()", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"] - ["ratpack.func", "Pair", True, "left", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.func", "Pair", True, "left", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] + # `map` maps over the `Pair` - ["ratpack.func", "Pair", True, "map", "", "", "Argument[-1]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.func", "Pair", True, "map", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"] + # `mapLeft` & `mapRight` map over their respective fields - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.func", "Pair", True, "mapLeft", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.func", "Pair", True, "mapRight", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] + # `nestLeft` Pair.nestLeft(C) -> Pair, B> - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.func", "Pair", True, "nestLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.left]", "value", "manual"] + # `nestRight` Pair.nestRight(C) -> Pair> - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.func", "Pair", True, "nestRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.left]", "value", "manual"] diff --git a/java/ql/lib/ext/ratpack.handling.model.yml b/java/ql/lib/ext/ratpack.handling.model.yml index 3523d1cf937..3c2c54d0bba 100644 --- a/java/ql/lib/ext/ratpack.handling.model.yml +++ b/java/ql/lib/ext/ratpack.handling.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: extSourceModel data: + # All Context#parse methods that return a Promise are remote flow sources. - ["ratpack.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken)", "", "ReturnValue", "remote", "manual"] - ["ratpack.handling", "Context", True, "parse", "(com.google.common.reflect.TypeToken,java.lang.Object)", "", "ReturnValue", "remote", "manual"] - ["ratpack.handling", "Context", True, "parse", "(java.lang.Class)", "", "ReturnValue", "remote", "manual"] diff --git a/java/ql/lib/ext/ratpack.util.model.yml b/java/ql/lib/ext/ratpack.util.model.yml index b594e03aecd..218a023bcd3 100644 --- a/java/ql/lib/ext/ratpack.util.model.yml +++ b/java/ql/lib/ext/ratpack.util.model.yml @@ -13,17 +13,21 @@ extensions: - ["ratpack.util", "Pair", True, "left", "()", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue", "value", "manual"] - ["ratpack.util", "Pair", True, "left", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.util", "Pair", True, "left", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] + # `map` maps over the `Pair` - ["ratpack.util", "Pair", True, "map", "", "", "Argument[-1]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.util", "Pair", True, "map", "", "", "Argument[0].ReturnValue", "ReturnValue", "value", "manual"] + # `mapLeft` & `mapRight` map over their respective fields - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.util", "Pair", True, "mapLeft", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[-1].Field[ratpack.func.Pair.right]", "Argument[0].Parameter[0]", "value", "manual"] - ["ratpack.util", "Pair", True, "mapRight", "", "", "Argument[0].ReturnValue", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] + # `nestLeft` Pair.nestLeft(C) -> Pair, B> - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.util", "Pair", True, "nestLeft", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.left].Field[ratpack.func.Pair.left]", "value", "manual"] + # `nestRight` Pair.nestRight(C) -> Pair> - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.left]", "ReturnValue.Field[ratpack.func.Pair.left]", "value", "manual"] - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[-1].Field[ratpack.func.Pair.right]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.right]", "value", "manual"] - ["ratpack.util", "Pair", True, "nestRight", "(Object)", "", "Argument[0]", "ReturnValue.Field[ratpack.func.Pair.right].Field[ratpack.func.Pair.left]", "value", "manual"] diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll index 082fa167103..b9688809c45 100644 --- a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll @@ -90,56 +90,30 @@ private module Frameworks { private import semmle.code.java.frameworks.android.ContentProviders private import semmle.code.java.frameworks.android.ExternalStorage private import semmle.code.java.frameworks.android.Intent - private import semmle.code.java.frameworks.android.Notifications private import semmle.code.java.frameworks.android.SharedPreferences private import semmle.code.java.frameworks.android.Slice private import semmle.code.java.frameworks.android.SQLite private import semmle.code.java.frameworks.android.Widget - private import semmle.code.java.frameworks.android.XssSinks private import semmle.code.java.frameworks.ApacheHttp private import semmle.code.java.frameworks.apache.Collections - private import semmle.code.java.frameworks.apache.IO private import semmle.code.java.frameworks.apache.Lang private import semmle.code.java.frameworks.Flexjson private import semmle.code.java.frameworks.generated private import semmle.code.java.frameworks.guava.Guava private import semmle.code.java.frameworks.jackson.JacksonSerializability private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer - private import semmle.code.java.frameworks.JavaIo - private import semmle.code.java.frameworks.JavaxJson private import semmle.code.java.frameworks.JaxWS private import semmle.code.java.frameworks.JoddJson - private import semmle.code.java.frameworks.JsonJava - private import semmle.code.java.frameworks.Logging - private import semmle.code.java.frameworks.Objects - private import semmle.code.java.frameworks.OkHttp - private import semmle.code.java.frameworks.Optional - private import semmle.code.java.frameworks.Regex - private import semmle.code.java.frameworks.Retrofit private import semmle.code.java.frameworks.Stream - private import semmle.code.java.frameworks.Strings - private import semmle.code.java.frameworks.Thymeleaf - private import semmle.code.java.frameworks.ratpack.Ratpack private import semmle.code.java.frameworks.ratpack.RatpackExec - private import semmle.code.java.frameworks.spring.SpringCache - private import semmle.code.java.frameworks.spring.SpringContext - private import semmle.code.java.frameworks.spring.SpringData private import semmle.code.java.frameworks.spring.SpringHttp - private import semmle.code.java.frameworks.spring.SpringUtil - private import semmle.code.java.frameworks.spring.SpringUi - private import semmle.code.java.frameworks.spring.SpringValidation private import semmle.code.java.frameworks.spring.SpringWebClient - private import semmle.code.java.frameworks.spring.SpringBeans - private import semmle.code.java.frameworks.spring.SpringWebMultipart - private import semmle.code.java.frameworks.spring.SpringWebUtil private import semmle.code.java.security.AndroidIntentRedirection private import semmle.code.java.security.ResponseSplitting private import semmle.code.java.security.InformationLeak - private import semmle.code.java.security.Files private import semmle.code.java.security.FragmentInjection private import semmle.code.java.security.GroovyInjection private import semmle.code.java.security.ImplicitPendingIntents - private import semmle.code.java.security.JexlInjectionSinkModels private import semmle.code.java.security.JndiInjection private import semmle.code.java.security.LdapInjection private import semmle.code.java.security.MvelInjection @@ -148,16 +122,10 @@ private module Frameworks { private import semmle.code.java.security.XPath private import semmle.code.java.security.XsltInjection private import semmle.code.java.frameworks.Jdbc - private import semmle.code.java.frameworks.Jdbi - private import semmle.code.java.frameworks.HikariCP private import semmle.code.java.frameworks.SpringJdbc private import semmle.code.java.frameworks.MyBatis private import semmle.code.java.frameworks.Hibernate private import semmle.code.java.frameworks.jOOQ - private import semmle.code.java.frameworks.JMS - private import semmle.code.java.frameworks.RabbitMQ - private import semmle.code.java.regex.RegexFlowModels - private import semmle.code.java.frameworks.kotlin.StdLib } /** @@ -216,226 +184,6 @@ private class NegativeSummaryModelCsvInternal extends Unit { abstract predicate row(string row); } -private class SourceModelCsvBase extends SourceModelCsv { - override predicate row(string row) { - row = - [ - // org.springframework.security.web.savedrequest.SavedRequest - "org.springframework.security.web.savedrequest;SavedRequest;true;getRedirectUrl;;;ReturnValue;remote;manual", - "org.springframework.security.web.savedrequest;SavedRequest;true;getCookies;;;ReturnValue;remote;manual", - "org.springframework.security.web.savedrequest;SavedRequest;true;getHeaderValues;;;ReturnValue;remote;manual", - "org.springframework.security.web.savedrequest;SavedRequest;true;getHeaderNames;;;ReturnValue;remote;manual", - "org.springframework.security.web.savedrequest;SavedRequest;true;getParameterValues;;;ReturnValue;remote;manual", - "org.springframework.security.web.savedrequest;SavedRequest;true;getParameterMap;;;ReturnValue;remote;manual", - // ServletRequestGetParameterMethod - "javax.servlet;ServletRequest;false;getParameter;(String);;ReturnValue;remote;manual", - "javax.servlet;ServletRequest;false;getParameterValues;(String);;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getParameter;(String);;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getParameterValues;(String);;ReturnValue;remote;manual", - // ServletRequestGetParameterMapMethod - "javax.servlet;ServletRequest;false;getParameterMap;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getParameterMap;();;ReturnValue;remote;manual", - // ServletRequestGetParameterNamesMethod - "javax.servlet;ServletRequest;false;getParameterNames;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getParameterNames;();;ReturnValue;remote;manual", - // HttpServletRequestGetQueryStringMethod - "javax.servlet.http;HttpServletRequest;false;getQueryString;();;ReturnValue;remote;manual", - // - // URLConnectionGetInputStreamMethod - "java.net;URLConnection;false;getInputStream;();;ReturnValue;remote;manual", - // SocketGetInputStreamMethod - "java.net;Socket;false;getInputStream;();;ReturnValue;remote;manual", - // BeanValidationSource - "javax.validation;ConstraintValidator;true;isValid;;;Parameter[0];remote;manual", - // SpringMultipartRequestSource - "org.springframework.web.multipart;MultipartRequest;true;getFile;(String);;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFileMap;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFileNames;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFiles;(String);;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartRequest;true;getMultipartContentType;(String);;ReturnValue;remote;manual", - // SpringMultipartFileSource - "org.springframework.web.multipart;MultipartFile;true;getBytes;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartFile;true;getContentType;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartFile;true;getInputStream;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartFile;true;getName;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;();;ReturnValue;remote;manual", - "org.springframework.web.multipart;MultipartFile;true;getResource;();;ReturnValue;remote;manual", - // HttpServletRequest.get* - "javax.servlet.http;HttpServletRequest;false;getHeader;(String);;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getHeaders;(String);;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getHeaderNames;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getPathInfo;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getRequestURI;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getRequestURL;();;ReturnValue;remote;manual", - "javax.servlet.http;HttpServletRequest;false;getRemoteUser;();;ReturnValue;remote;manual", - // SpringWebRequestGetMethod - "org.springframework.web.context.request;WebRequest;false;getDescription;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getHeader;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getHeaderNames;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getHeaderValues;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getParameter;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getParameterMap;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getParameterNames;;;ReturnValue;remote;manual", - "org.springframework.web.context.request;WebRequest;false;getParameterValues;;;ReturnValue;remote;manual", - // TODO consider org.springframework.web.context.request.WebRequest.getRemoteUser - // ServletRequestGetBodyMethod - "javax.servlet;ServletRequest;false;getInputStream;();;ReturnValue;remote;manual", - "javax.servlet;ServletRequest;false;getReader;();;ReturnValue;remote;manual", - // CookieGet* - "javax.servlet.http;Cookie;false;getValue;();;ReturnValue;remote;manual", - "javax.servlet.http;Cookie;false;getName;();;ReturnValue;remote;manual", - "javax.servlet.http;Cookie;false;getComment;();;ReturnValue;remote;manual", - // ApacheHttp* - "org.apache.http;HttpMessage;false;getParams;();;ReturnValue;remote;manual", - "org.apache.http;HttpEntity;false;getContent;();;ReturnValue;remote;manual", - // In the setting of Android we assume that XML has been transmitted over - // the network, so may be tainted. - // XmlPullGetMethod - "org.xmlpull.v1;XmlPullParser;false;getName;();;ReturnValue;remote;manual", - "org.xmlpull.v1;XmlPullParser;false;getNamespace;();;ReturnValue;remote;manual", - "org.xmlpull.v1;XmlPullParser;false;getText;();;ReturnValue;remote;manual", - // XmlAttrSetGetMethod - "android.util;AttributeSet;false;getAttributeBooleanValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeCount;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeFloatValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeIntValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeListValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeName;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeNameResource;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeNamespace;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeResourceValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeUnsignedIntValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getAttributeValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getClassAttribute;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getIdAttribute;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getIdAttributeResourceValue;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getPositionDescription;;;ReturnValue;remote;manual", - "android.util;AttributeSet;false;getStyleAttribute;;;ReturnValue;remote;manual", - // The current URL in a browser may be untrusted or uncontrolled. - // WebViewGetUrlMethod - "android.webkit;WebView;false;getUrl;();;ReturnValue;remote;manual", - "android.webkit;WebView;false;getOriginalUrl;();;ReturnValue;remote;manual", - // SpringRestTemplateResponseEntityMethod - "org.springframework.web.client;RestTemplate;false;exchange;;;ReturnValue;remote;manual", - "org.springframework.web.client;RestTemplate;false;getForEntity;;;ReturnValue;remote;manual", - "org.springframework.web.client;RestTemplate;false;postForEntity;;;ReturnValue;remote;manual", - // WebSocketMessageParameterSource - "java.net.http;WebSocket$Listener;true;onText;(WebSocket,CharSequence,boolean);;Parameter[1];remote;manual", - // PlayRequestGetMethod - "play.mvc;Http$RequestHeader;false;queryString;;;ReturnValue;remote;manual", - "play.mvc;Http$RequestHeader;false;getQueryString;;;ReturnValue;remote;manual", - "play.mvc;Http$RequestHeader;false;header;;;ReturnValue;remote;manual", - "play.mvc;Http$RequestHeader;false;getHeader;;;ReturnValue;remote;manual" - ] - } -} - -private class SinkModelCsvBase extends SinkModelCsv { - override predicate row(string row) { - row = - [ - // Open URL - "java.net;URL;false;openConnection;;;Argument[-1];open-url;manual", - "java.net;URL;false;openStream;;;Argument[-1];open-url;manual", - "java.net.http;HttpRequest;false;newBuilder;;;Argument[0];open-url;manual", - "java.net.http;HttpRequest$Builder;false;uri;;;Argument[0];open-url;manual", - "java.net;URLClassLoader;false;URLClassLoader;(URL[]);;Argument[0];open-url;manual", - "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader);;Argument[0];open-url;manual", - "java.net;URLClassLoader;false;URLClassLoader;(URL[],ClassLoader,URLStreamHandlerFactory);;Argument[0];open-url;manual", - "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader);;Argument[1];open-url;manual", - "java.net;URLClassLoader;false;URLClassLoader;(String,URL[],ClassLoader,URLStreamHandlerFactory);;Argument[1];open-url;manual", - "java.net;URLClassLoader;false;newInstance;;;Argument[0];open-url;manual", - // Bean validation - "javax.validation;ConstraintValidatorContext;true;buildConstraintViolationWithTemplate;;;Argument[0];bean-validation;manual", - // Set hostname - "javax.net.ssl;HttpsURLConnection;true;setDefaultHostnameVerifier;;;Argument[0];set-hostname-verifier;manual", - "javax.net.ssl;HttpsURLConnection;true;setHostnameVerifier;;;Argument[0];set-hostname-verifier;manual" - ] - } -} - -private class SummaryModelCsvBase extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - // qualifier to arg - "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint;manual", - "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint;manual", - "java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint;manual", - "java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint;manual", - "java.io;ByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual", - "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint;manual", - // qualifier to return - "java.io;ByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual", - "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint;manual", - "java.io;InputStream;true;readNBytes;(int);;Argument[-1];ReturnValue;taint;manual", - "java.util;StringTokenizer;false;nextElement;();;Argument[-1];ReturnValue;taint;manual", - "java.util;StringTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual", - "javax.xml.transform.sax;SAXSource;false;getInputSource;;;Argument[-1];ReturnValue;taint;manual", - "javax.xml.transform.stream;StreamSource;false;getInputStream;;;Argument[-1];ReturnValue;taint;manual", - "java.nio;ByteBuffer;false;get;;;Argument[-1];ReturnValue;taint;manual", - "java.net;URI;false;toURL;;;Argument[-1];ReturnValue;taint;manual", - "java.net;URI;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.net;URI;false;toAsciiString;;;Argument[-1];ReturnValue;taint;manual", - "java.nio;ByteBuffer;false;array;();;Argument[-1];ReturnValue;taint;manual", - "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint;manual", - "java.io;Reader;true;read;();;Argument[-1];ReturnValue;taint;manual", - // arg to return - "java.nio;ByteBuffer;false;wrap;(byte[]);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Encoder;false;encode;(byte[]);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Encoder;false;encode;(ByteBuffer);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Encoder;false;encodeToString;(byte[]);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Encoder;false;wrap;(OutputStream);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Decoder;false;decode;(byte[]);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Decoder;false;decode;(ByteBuffer);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Decoder;false;decode;(String);;Argument[0];ReturnValue;taint;manual", - "java.util;Base64$Decoder;false;wrap;(InputStream);;Argument[0];ReturnValue;taint;manual", - "cn.hutool.core.codec;Base64;true;decode;;;Argument[0];ReturnValue;taint;manual", - "org.apache.shiro.codec;Base64;false;decode;(String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;Encoder;true;encode;(Object);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;Decoder;true;decode;(Object);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;BinaryEncoder;true;encode;(byte[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;BinaryDecoder;true;decode;(byte[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;StringEncoder;true;encode;(String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.codec;StringDecoder;true;decode;(String);;Argument[0];ReturnValue;taint;manual", - "java.net;URLDecoder;false;decode;;;Argument[0];ReturnValue;taint;manual", - "java.net;URI;false;create;;;Argument[0];ReturnValue;taint;manual", - "javax.xml.transform.sax;SAXSource;false;sourceToInputSource;;;Argument[0];ReturnValue;taint;manual", - // arg to arg - "java.lang;System;false;arraycopy;;;Argument[0];Argument[2];taint;manual", - // constructor flow - "java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint;manual", - "java.net;URL;false;URL;(String);;Argument[0];Argument[-1];taint;manual", - "javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint;manual", - "javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];Argument[-1];taint;manual", - "javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];Argument[-1];taint;manual", - "org.xml.sax;InputSource;false;InputSource;;;Argument[0];Argument[-1];taint;manual", - "javax.servlet.http;Cookie;false;Cookie;;;Argument[0];Argument[-1];taint;manual", - "javax.servlet.http;Cookie;false;Cookie;;;Argument[1];Argument[-1];taint;manual", - "java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint;manual", - "java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];Argument[-1];taint;manual", - "com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];Argument[-1];taint;manual", - "com.esotericsoftware.kryo5.io;Input;false;Input;;;Argument[0];Argument[-1];taint;manual", - "java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint;manual", - "java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint;manual", - "java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint;manual", - "java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint;manual", - "java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint;manual", - "java.io;OutputStream;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual", - "java.io;OutputStream;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "java.io;OutputStream;true;write;(int);;Argument[0];Argument[-1];taint;manual", - "java.io;FilterOutputStream;true;FilterOutputStream;(OutputStream);;Argument[0];Argument[-1];taint;manual" - ] - } -} - private predicate sourceModelInternal(string row) { any(SourceModelCsvInternal s).row(row) } private predicate summaryModelInternal(string row) { any(SummaryModelCsvInternal s).row(row) } diff --git a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll index aebe509816f..19f11842d14 100644 --- a/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll +++ b/java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll @@ -91,355 +91,6 @@ class ContainerType extends RefType { } } -private class ContainerFlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "java.lang;Object;true;clone;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.lang;Object;true;clone;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.lang;Object;true;clone;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Map$Entry;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - "java.util;Map$Entry;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map$Entry;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map$Entry;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual", - "java.lang;Iterable;true;iterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.lang;Iterable;true;spliterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.lang;Iterable;true;forEach;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Iterator;true;next;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Iterator;true;forEachRemaining;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;ListIterator;true;previous;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;ListIterator;true;add;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;ListIterator;true;set;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Enumeration;true;asIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Enumeration;true;nextElement;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Map;true;computeIfAbsent;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;computeIfAbsent;;;Argument[1].ReturnValue;ReturnValue;value;manual", - "java.util;Map;true;computeIfAbsent;;;Argument[1].ReturnValue;Argument[-1].MapValue;value;manual", - "java.util;Map;true;entrySet;;;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual", - "java.util;Map;true;entrySet;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual", - "java.util;Map;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;getOrDefault;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;getOrDefault;;;Argument[1];ReturnValue;value;manual", - "java.util;Map;true;put;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Map;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Map;true;putIfAbsent;;;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;putIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Map;true;putIfAbsent;;;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Map;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;replace;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Map;true;replace;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Map;true;replace;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Map;true;replace;(Object,Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Map;true;replace;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual", - "java.util;Map;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - "java.util;Map;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "java.util;Map;true;merge;(Object,Object,BiFunction);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Map;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;Map;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;Map;true;forEach;(BiConsumer);;Argument[-1].MapKey;Argument[0].Parameter[0];value;manual", - "java.util;Map;true;forEach;(BiConsumer);;Argument[-1].MapValue;Argument[0].Parameter[1];value;manual", - "java.util;Collection;true;parallelStream;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Collection;true;stream;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Collection;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - "java.util;Collection;true;toArray;;;Argument[-1].Element;Argument[0].ArrayElement;value;manual", - "java.util;Collection;true;add;;;Argument[0];Argument[-1].Element;value;manual", - "java.util;Collection;true;addAll;;;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;List;true;get;(int);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;List;true;listIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;List;true;remove;(int);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;List;true;set;(int,Object);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;List;true;set;(int,Object);;Argument[1];Argument[-1].Element;value;manual", - "java.util;List;true;subList;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;List;true;add;(int,Object);;Argument[1];Argument[-1].Element;value;manual", - "java.util;List;true;addAll;(int,Collection);;Argument[1].Element;Argument[-1].Element;value;manual", - "java.util;Vector;true;elementAt;(int);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Vector;true;elements;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Vector;true;firstElement;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Vector;true;lastElement;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Vector;true;addElement;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Vector;true;insertElementAt;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Vector;true;setElementAt;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Vector;true;copyInto;(Object[]);;Argument[-1].Element;Argument[0].ArrayElement;value;manual", - "java.util;Stack;true;peek;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Stack;true;pop;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Stack;true;push;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Queue;true;element;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Queue;true;peek;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Queue;true;poll;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Queue;true;remove;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Queue;true;offer;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Deque;true;descendingIterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Deque;true;getFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;getLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;peekFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;peekLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;pollFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;pollLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;pop;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;removeFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;removeLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Deque;true;push;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Deque;true;offerLast;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Deque;true;offerFirst;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Deque;true;addLast;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;Deque;true;addFirst;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingDeque;true;pollFirst;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingDeque;true;pollLast;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingDeque;true;takeFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingDeque;true;takeLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingQueue;true;poll;(long,TimeUnit);;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingQueue;true;take;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util.concurrent;BlockingQueue;true;offer;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingQueue;true;put;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingDeque;true;offerLast;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingDeque;true;offerFirst;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingDeque;true;putLast;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingDeque;true;putFirst;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;BlockingQueue;true;drainTo;(Collection,int);;Argument[-1].Element;Argument[0].Element;value;manual", - "java.util.concurrent;BlockingQueue;true;drainTo;(Collection);;Argument[-1].Element;Argument[0].Element;value;manual", - "java.util.concurrent;ConcurrentHashMap;true;elements;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "java.util;Dictionary;true;elements;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "java.util;Dictionary;true;get;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Dictionary;true;keys;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - "java.util;Dictionary;true;put;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Dictionary;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Dictionary;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Dictionary;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;NavigableMap;true;ceilingEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;ceilingEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;descendingMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;descendingMap;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;firstEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;firstEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;floorEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;floorEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;headMap;(Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;headMap;(Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;higherEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;higherEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;lastEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;lastEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;lowerEntry;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;lowerEntry;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;pollFirstEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;pollFirstEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;pollLastEntry;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;pollLastEntry;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableMap;true;tailMap;(Object,boolean);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;NavigableMap;true;tailMap;(Object,boolean);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;NavigableSet;true;ceiling;(Object);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;descendingIterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;NavigableSet;true;descendingSet;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;NavigableSet;true;floor;(Object);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;headSet;(Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;NavigableSet;true;higher;(Object);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;lower;(Object);;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;pollFirst;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;pollLast;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;NavigableSet;true;subSet;(Object,boolean,Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;NavigableSet;true;tailSet;(Object,boolean);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Properties;true;getProperty;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual", - "java.util;Properties;true;setProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual", - "java.util;Properties;true;setProperty;(String,String);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;Properties;true;setProperty;(String,String);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual", - "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual", - "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual", - "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual", - "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual", - "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual", - "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual", - "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;SortedMap;true;headMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;SortedMap;true;subMap;(Object,Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;SortedMap;true;tailMap;(Object);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "java.util;SortedMap;true;tailMap;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "java.util;SortedSet;true;first;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;SortedSet;true;headSet;(Object);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;SortedSet;true;last;();;Argument[-1].Element;ReturnValue;value;manual", - "java.util;SortedSet;true;subSet;(Object,Object);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;SortedSet;true;tailSet;(Object);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.concurrent;TransferQueue;true;tryTransfer;(Object,long,TimeUnit);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;TransferQueue;true;transfer;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util.concurrent;TransferQueue;true;tryTransfer;(Object);;Argument[0];Argument[-1].Element;value;manual", - "java.util;List;false;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object);;Argument[0..1];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object);;Argument[0..2];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object);;Argument[0..3];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];ReturnValue.Element;value;manual", - "java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];ReturnValue.Element;value;manual", - "java.util;Map;false;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Map;false;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Map;false;entry;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual", - "java.util;Map;false;entry;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[10];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[11];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[12];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[13];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[14];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[15];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[16];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[17];ReturnValue.MapValue;value;manual", - "java.util;Map;false;of;;;Argument[18];ReturnValue.MapKey;value;manual", - "java.util;Map;false;of;;;Argument[19];ReturnValue.MapValue;value;manual", - "java.util;Map;false;ofEntries;;;Argument[0].ArrayElement.MapKey;ReturnValue.MapKey;value;manual", - "java.util;Map;false;ofEntries;;;Argument[0].ArrayElement.MapValue;ReturnValue.MapValue;value;manual", - "java.util;Set;false;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object);;Argument[0..1];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object);;Argument[0..2];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object);;Argument[0..3];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];ReturnValue.Element;value;manual", - "java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];ReturnValue.Element;value;manual", - "java.util;Arrays;false;stream;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util;Arrays;false;spliterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util;Arrays;false;copyOfRange;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "java.util;Arrays;false;copyOf;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "java.util;Collections;false;list;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;enumeration;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;nCopies;(int,Object);;Argument[1];ReturnValue.Element;value;manual", - "java.util;Collections;false;singletonMap;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual", - "java.util;Collections;false;singletonMap;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual", - "java.util;Collections;false;singletonList;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util;Collections;false;singleton;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;checkedMap;(Map,Class,Class);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;checkedMap;(Map,Class,Class);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;checkedList;(List,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;checkedNavigableSet;(NavigableSet,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;checkedSortedSet;(SortedSet,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;checkedSet;(Set,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;checkedCollection;(Collection,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;synchronizedSortedMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;synchronizedSortedMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;synchronizedMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;synchronizedMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;synchronizedList;(List);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;synchronizedNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;synchronizedSortedSet;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;synchronizedSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;synchronizedCollection;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;unmodifiableMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "java.util;Collections;false;unmodifiableMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "java.util;Collections;false;unmodifiableList;(List);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;unmodifiableNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;unmodifiableSortedSet;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;unmodifiableSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;unmodifiableCollection;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "java.util;Collections;false;max;;;Argument[0].Element;ReturnValue;value;manual", - "java.util;Collections;false;min;;;Argument[0].Element;ReturnValue;value;manual", - "java.util;Arrays;false;fill;(Object[],int,int,Object);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(Object[],Object);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(float[],int,int,float);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(float[],float);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(double[],int,int,double);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(double[],double);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(boolean[],int,int,boolean);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(boolean[],boolean);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(byte[],int,int,byte);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(byte[],byte);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(char[],int,int,char);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(char[],char);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(short[],int,int,short);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(short[],short);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(int[],int,int,int);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(int[],int);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(long[],int,int,long);;Argument[3];Argument[0].ArrayElement;value;manual", - "java.util;Arrays;false;fill;(long[],long);;Argument[1];Argument[0].ArrayElement;value;manual", - "java.util;Collections;false;replaceAll;(List,Object,Object);;Argument[2];Argument[0].Element;value;manual", - "java.util;Collections;false;copy;(List,List);;Argument[1].Element;Argument[0].Element;value;manual", - "java.util;Collections;false;fill;(List,Object);;Argument[1];Argument[0].Element;value;manual", - "java.util;Arrays;false;asList;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util;Collections;false;addAll;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;value;manual", - "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;AbstractMap$SimpleEntry;false;SimpleEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;AbstractMap$SimpleImmutableEntry;false;SimpleImmutableEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;ArrayDeque;false;ArrayDeque;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;ArrayList;false;ArrayList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;EnumMap;false;EnumMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;EnumMap;false;EnumMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;EnumMap;false;EnumMap;(EnumMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;EnumMap;false;EnumMap;(EnumMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;HashMap;false;HashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;HashMap;false;HashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;HashSet;false;HashSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;Hashtable;false;Hashtable;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;Hashtable;false;Hashtable;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;IdentityHashMap;false;IdentityHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;LinkedHashMap;false;LinkedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;LinkedHashSet;false;LinkedHashSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;LinkedList;false;LinkedList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;PriorityQueue;false;PriorityQueue;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;PriorityQueue;false;PriorityQueue;(PriorityQueue);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;PriorityQueue;false;PriorityQueue;(SortedSet);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;TreeMap;false;TreeMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;TreeMap;false;TreeMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;TreeMap;false;TreeMap;(SortedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;TreeMap;false;TreeMap;(SortedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "java.util;TreeSet;false;TreeSet;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;TreeSet;false;TreeSet;(SortedSet);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;Vector;false;Vector;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - "java.util;WeakHashMap;false;WeakHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "java.util;WeakHashMap;false;WeakHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual" - ] - } -} - private predicate taintPreservingQualifierToMethod(Method m) { // java.util.Map.Entry m.getDeclaringType() instanceof EntryType and diff --git a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll index 8328a9dfbcb..8c77a050a9f 100644 --- a/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll +++ b/java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll @@ -42,17 +42,6 @@ class TypeApacheHttpRequestBuilder extends Class { } } -private class ApacheHttpSource extends SourceModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.http.protocol;HttpRequestHandler;true;handle;(HttpRequest,HttpResponse,HttpContext);;Parameter[0];remote;manual", - "org.apache.hc.core5.http.io;HttpRequestHandler;true;handle;(ClassicHttpRequest,ClassicHttpResponse,HttpContext);;Parameter[0];remote;manual", - "org.apache.hc.core5.http.io;HttpServerRequestHandler;true;handle;(ClassicHttpRequest,ResponseTrigger,HttpContext);;Parameter[0];remote;manual" - ] - } -} - /** * A call that sets a header of an `HttpResponse`. */ @@ -80,191 +69,3 @@ class ApacheHttpSetHeader extends Call { /** Gets the expression used as the value of this header. */ Expr getValue() { result = this.getArgument(1) } } - -private class ApacheHttpXssSink extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.http;HttpResponse;true;setEntity;(HttpEntity);;Argument[0];xss;manual", - "org.apache.http.util;EntityUtils;true;updateEntity;(HttpResponse,HttpEntity);;Argument[1];xss;manual", - "org.apache.hc.core5.http;HttpEntityContainer;true;setEntity;(HttpEntity);;Argument[0];xss;manual" - ] - } -} - -private class ApacheHttpOpenUrlSink extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.http;HttpRequest;true;setURI;;;Argument[0];open-url;manual", - "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(RequestLine);;Argument[0];open-url;manual", - "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(String,String);;Argument[1];open-url;manual", - "org.apache.http.message;BasicHttpRequest;false;BasicHttpRequest;(String,String,ProtocolVersion);;Argument[1];open-url;manual", - "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(RequestLine);;Argument[0];open-url;manual", - "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(String,String);;Argument[1];open-url;manual", - "org.apache.http.message;BasicHttpEntityEnclosingRequest;false;BasicHttpEntityEnclosingRequest;(String,String,ProtocolVersion);;Argument[1];open-url;manual", - "org.apache.http.client.methods;HttpGet;false;HttpGet;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpHead;false;HttpHead;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpPut;false;HttpPut;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpPost;false;HttpPost;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpDelete;false;HttpDelete;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpOptions;false;HttpOptions;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpTrace;false;HttpTrace;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpPatch;false;HttpPatch;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;HttpRequestBase;true;setURI;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;setUri;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;get;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;post;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;put;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;options;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;head;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;delete;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;trace;;;Argument[0];open-url;manual", - "org.apache.http.client.methods;RequestBuilder;false;patch;;;Argument[0];open-url;manual" - ] - } -} - -private class ApacheHttpFlowStep extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.http;HttpMessage;true;getAllHeaders;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;getFirstHeader;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;getLastHeader;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;getHeaders;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;getParams;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;headerIterator;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpMessage;true;headerIterator;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpRequest;true;getRequestLine;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpEntityEnclosingRequest;true;getEntity;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;Header;true;getElements;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderElement;true;getName;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderElement;true;getValue;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderElement;true;getParameter;(int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderElement;true;getParameterByName;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderElement;true;getParameters;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;NameValuePair;true;getName;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;NameValuePair;true;getValue;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HeaderIterator;true;nextHeader;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpEntity;true;getContent;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpEntity;true;getContentEncoding;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;HttpEntity;true;getContentType;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;RequestLine;true;getMethod;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;RequestLine;true;getUri;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.params;HttpParams;true;getParameter;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.params;HttpParams;true;getDoubleParameter;(String,double);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.params;HttpParams;true;getIntParameter;(String,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.params;HttpParams;true;getLongParameter;(String,long);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.params;HttpParams;true;getDoubleParameter;(String,double);;Argument[1];ReturnValue;value;manual", - "org.apache.http.params;HttpParams;true;getIntParameter;(String,int);;Argument[1];ReturnValue;value;manual", - "org.apache.http.params;HttpParams;true;getLongParameter;(String,long);;Argument[1];ReturnValue;value;manual", - "org.apache.hc.core5.http;MessageHeaders;true;getFirstHeader;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;getLastHeader;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;getHeader;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;getHeaders;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;getHeaders;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;headerIterator;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;MessageHeaders;true;headerIterator;(String);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpRequest;true;getAuthority;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpRequest;true;getMethod;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpRequest;true;getPath;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpRequest;true;getUri;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpRequest;true;getRequestUri;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpEntityContainer;true;getEntity;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;NameValuePair;true;getName;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;NameValuePair;true;getValue;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpEntity;true;getContent;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;HttpEntity;true;getTrailers;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;EntityDetails;true;getContentType;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;EntityDetails;true;getContentEncoding;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http;EntityDetails;true;getTrailerNames;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http.message;RequestLine;true;getMethod;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http.message;RequestLine;true;getUri;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http.message;RequestLine;true;toString;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.http.message;RequestLine;true;RequestLine;(HttpRequest);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.http.message;RequestLine;true;RequestLine;(String,String,ProtocolVersion);;Argument[1];Argument[-1];taint;manual", - "org.apache.hc.core5.function;Supplier;true;get;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.net;URIAuthority;true;getHostName;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.net;URIAuthority;true;toString;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;EntityUtils;true;toString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EntityUtils;true;toByteArray;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EntityUtils;true;getContentCharSet;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EntityUtils;true;getContentMimeType;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;EntityUtils;true;toString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;EntityUtils;true;toByteArray;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;EntityUtils;true;parse;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EncodingUtils;true;getAsciiBytes;(String);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EncodingUtils;true;getAsciiString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EncodingUtils;true;getBytes;(String,String);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;EncodingUtils;true;getString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.http.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value;manual", - "org.apache.http.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.http.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value;manual", - "org.apache.http.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;notEmpty;(Object,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value;manual", - "org.apache.hc.core5.http.io.entity;HttpEntities;true;create;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;HttpEntities;true;createGzipped;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;HttpEntities;true;createUrlEncoded;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;HttpEntities;true;gzip;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;HttpEntities;true;withTrailers;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.entity;BasicHttpEntity;true;setContent;(InputStream);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.entity;BufferedHttpEntity;true;BufferedHttpEntity;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.entity;ByteArrayEntity;true;ByteArrayEntity;;;Argument[0];Argument[-1];taint;manual", - "org.apache.http.entity;HttpEntityWrapper;true;HttpEntityWrapper;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.http.entity;InputStreamEntity;true;InputStreamEntity;;;Argument[0];ReturnValue;taint;manual", - "org.apache.http.entity;StringEntity;true;StringEntity;;;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.http.io.entity;BasicHttpEntity;true;BasicHttpEntity;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;BufferedHttpEntity;true;BufferedHttpEntity;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;ByteArrayEntity;true;ByteArrayEntity;;;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.http.io.entity;HttpEntityWrapper;true;HttpEntityWrapper;(HttpEntity);;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;InputStreamEntity;true;InputStreamEntity;;;Argument[0];ReturnValue;taint;manual", - "org.apache.hc.core5.http.io.entity;StringEntity;true;StringEntity;;;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;ByteArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;ByteArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;ByteArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;ByteArrayBuffer;true;buffer;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;ByteArrayBuffer;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(ByteArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(CharArrayBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;append;(Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.http.util;CharArrayBuffer;true;buffer;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;toCharArray;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;toString;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;substring;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;subSequence;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.util;CharArrayBuffer;true;substringTrimmed;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;ByteArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;ByteArrayBuffer;true;array;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;ByteArrayBuffer;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(CharArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(ByteArrayBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(CharArrayBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;append;(Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;array;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;toCharArray;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;toString;();;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;substring;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;subSequence;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.hc.core5.util;CharArrayBuffer;true;substringTrimmed;(int,int);;Argument[-1];ReturnValue;taint;manual", - "org.apache.http.message;BasicRequestLine;false;BasicRequestLine;;;Argument[1];Argument[-1];taint;manual", - "org.apache.http;RequestLine;true;getUri;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.http;RequestLine;true;toString;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll b/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll index 615d928a709..e0f04da2954 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Flexjson.qll @@ -33,9 +33,3 @@ class FlexjsonDeserializerUseMethod extends Method { this.hasName("use") } } - -private class FluentUseMethodModel extends SummaryModelCsv { - override predicate row(string r) { - r = "flexjson;JSONDeserializer;true;use;;;Argument[-1];ReturnValue;value;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll b/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll index 4832576b7b9..dcb72cd9722 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Hibernate.qll @@ -21,19 +21,3 @@ class HibernateSharedSessionContract extends RefType { class HibernateSession extends RefType { HibernateSession() { this.hasQualifiedName("org.hibernate", "Session") } } - -private class SqlSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "org.hibernate;QueryProducer;true;createQuery;;;Argument[0];sql;manual", - "org.hibernate;QueryProducer;true;createNativeQuery;;;Argument[0];sql;manual", - "org.hibernate;QueryProducer;true;createSQLQuery;;;Argument[0];sql;manual", - "org.hibernate;SharedSessionContract;true;createQuery;;;Argument[0];sql;manual", - "org.hibernate;SharedSessionContract;true;createSQLQuery;;;Argument[0];sql;manual", - "org.hibernate;Session;true;createQuery;;;Argument[0];sql;manual", - "org.hibernate;Session;true;createSQLQuery;;;Argument[0];sql;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll b/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll deleted file mode 100644 index 05f764b357b..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/HikariCP.qll +++ /dev/null @@ -1,17 +0,0 @@ -/** - * Definitions of sinks in the Hikari Connection Pool library. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class SsrfSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "com.zaxxer.hikari;HikariConfig;false;HikariConfig;(Properties);;Argument[0];jdbc-url;manual", - "com.zaxxer.hikari;HikariConfig;false;setJdbcUrl;(String);;Argument[0];jdbc-url;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JMS.qll b/java/ql/lib/semmle/code/java/frameworks/JMS.qll deleted file mode 100644 index f1eb0ace982..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/JMS.qll +++ /dev/null @@ -1,112 +0,0 @@ -/** - * This model covers JMS API versions 1 and 2. - * - * https://docs.oracle.com/javaee/6/api/javax/jms/package-summary.html - * https://docs.oracle.com/javaee/7/api/javax/jms/package-summary.html - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -/** Defines sources of tainted data in JMS 1. */ -private class Jms1Source extends SourceModelCsv { - override predicate row(string row) { - row = - [ - // incoming messages are considered tainted - "javax.jms;MessageListener;true;onMessage;(Message);;Parameter[0];remote;manual", - "javax.jms;MessageConsumer;true;receive;;;ReturnValue;remote;manual", - "javax.jms;MessageConsumer;true;receiveNoWait;();;ReturnValue;remote;manual", - "javax.jms;QueueRequestor;true;request;(Message);;ReturnValue;remote;manual", - "javax.jms;TopicRequestor;true;request;(Message);;ReturnValue;remote;manual", - ] - } -} - -/** Defines taint propagation steps in JMS 1. */ -private class Jms1FlowStep extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - // if a message is tainted, then it returns tainted data - "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getJMSCorrelationIDAsBytes;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getJMSCorrelationID;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getJMSReplyTo;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getJMSDestination;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getJMSType;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getBooleanProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getByteProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getShortProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getIntProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getLongProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getFloatProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getDoubleProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getStringProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getObjectProperty;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Message;true;getPropertyNames;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readUnsignedByte;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readUnsignedShort;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readUTF;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;BytesMessage;true;readBytes;;;Argument[-1];Argument[0];taint;manual", - "javax.jms;MapMessage;true;getBoolean;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getByte;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getShort;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getChar;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getInt;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getLong;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getFloat;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getDouble;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getString;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getBytes;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getObject;(String);;Argument[-1];ReturnValue;taint;manual", - "javax.jms;MapMessage;true;getMapNames;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;ObjectMessage;true;getObject;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readString;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;StreamMessage;true;readBytes;(byte[]);;Argument[-1];Argument[0];taint;manual", - "javax.jms;StreamMessage;true;readObject;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;TextMessage;true;getText;();;Argument[-1];ReturnValue;taint;manual", - // if a destination is tainted, then it returns tainted data - "javax.jms;Queue;true;getQueueName;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Queue;true;toString;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Topic;true;getTopicName;();;Argument[-1];ReturnValue;taint;manual", - "javax.jms;Topic;true;toString;();;Argument[-1];ReturnValue;taint;manual", - ] - } -} - -/** Defines additional sources of tainted data in JMS 2. */ -private class Jms2Source extends SourceModelCsv { - override predicate row(string row) { - row = - [ - "javax.jms;JMSConsumer;true;receive;;;ReturnValue;remote;manual", - "javax.jms;JMSConsumer;true;receiveBody;;;ReturnValue;remote;manual", - "javax.jms;JMSConsumer;true;receiveNoWait;();;ReturnValue;remote;manual", - "javax.jms;JMSConsumer;true;receiveBodyNoWait;();;ReturnValue;remote;manual", - ] - } -} - -/** Defines additional taint propagation steps in JMS 2. */ -private class Jms2FlowStep extends SummaryModelCsv { - override predicate row(string row) { - row = "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll b/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll deleted file mode 100644 index 8748c2a0cb1..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/JavaIo.qll +++ /dev/null @@ -1,24 +0,0 @@ -/** Definitions of taint steps in Objects class of the JDK */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class JavaIoSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint;manual", - "java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;value;manual", - "java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual", - "java.io;Writer;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint;manual", - "java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual", - "java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual", - "java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual", - "java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual", - "java.nio.channels;ReadableByteChannel;true;read;(ByteBuffer);;Argument[-1];Argument[0];taint;manual", - "java.nio.channels;Channels;false;newChannel;(InputStream);;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll deleted file mode 100644 index 0a2db0d06fc..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/JavaxJson.qll +++ /dev/null @@ -1,138 +0,0 @@ -/** - * Provides models for the `javax.json` and `jakarta.json` packages. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + - [ - ".json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createArrayBuilder;(Collection);;Argument[0].Element;ReturnValue;taint;manual", - ".json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint;manual", - ".json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint;manual", - ".json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createObjectBuilder;(Map);;Argument[0].MapKey;ReturnValue;taint;manual", - ".json;Json;false;createObjectBuilder;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - ".json;Json;false;createPatch;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createPointer;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint;manual", - ".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value;manual", - ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value;manual", - ".json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArray;false;getString;;;Argument[1];ReturnValue;value;manual", - ".json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint;manual", - ".json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value;manual", - ".json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value;manual", - ".json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObject;false;getString;;;Argument[1];ReturnValue;value;manual", - ".json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint;manual", - ".json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value;manual", - ".json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value;manual", - ".json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint;manual", - ".json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint;manual", - ".json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint;manual", - ".json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint;manual", - ".json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint;manual", - ".json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint;manual", - ".json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint;manual", - ".json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index c60c3ff0369..23f304be83a 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -321,323 +321,6 @@ private class JaxRSXssSink extends XssSink { } } -/** A URL redirection sink from JAX-RS */ -private class JaxRsUrlRedirectSink extends SinkModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;Response;true;" + ["seeOther", "temporaryRedirect"] + - ";;;Argument[0];url-redirect;manual" - } -} - -/** - * Model Response: - * - * - the returned ResponseBuilder gains taint from a tainted entity or existing Response - */ -private class ResponseModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;Response;false;" + ["accepted", "fromResponse", "ok"] + - ";;;Argument[0];ReturnValue;taint;manual" - } -} - -/** - * Model ResponseBuilder: - * - * - becomes tainted by a tainted entity, but not by metadata, headers etc - * - build() method returns taint - * - almost all methods are fluent, and so preserve value - */ -private class ResponseBuilderModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;Response$ResponseBuilder;true;" + - [ - "allow", "cacheControl", "contentLocation", "cookie", "encoding", "entity", "expires", - "header", "language", "lastModified", "link", "links", "location", "replaceAll", "status", - "tag", "type", "variant", "variants" - ] + ";;;Argument[-1];ReturnValue;value;manual" - or - row = - ["javax", "jakarta"] + ".ws.rs.core;Response$ResponseBuilder;true;" + - [ - "build;;;Argument[-1];ReturnValue;taint;manual", - "entity;;;Argument[0];Argument[-1];taint;manual", - "clone;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} - -/** - * Model HttpHeaders: methods that Date have to be syntax-checked, but those returning MediaType - * or Locale are assumed potentially dangerous, as these types do not generally check that the - * input data is recognised, only that it conforms to the expected syntax. - */ -private class HttpHeadersModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;HttpHeaders;true;" + - [ - "getAcceptableLanguages", "getAcceptableMediaTypes", "getCookies", "getHeaderString", - "getLanguage", "getMediaType", "getRequestHeader", "getRequestHeaders" - ] + ";;;Argument[-1];ReturnValue;taint;manual" - } -} - -/** - * Model MultivaluedMap, which extends `Map>` and provides a few extra helper methods. - */ -private class MultivaluedMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;MultivaluedMap;true;" + - [ - "add;;;Argument[0];Argument[-1].MapKey;value;manual", - "add;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - "addAll;;;Argument[0];Argument[-1].MapKey;value;manual", - "addAll;(Object,List);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual", - "addAll;(Object,Object[]);;Argument[1].ArrayElement;Argument[-1].MapValue.Element;value;manual", - "addFirst;;;Argument[0];Argument[-1].MapKey;value;manual", - "addFirst;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - "getFirst;;;Argument[-1].MapValue.Element;ReturnValue;value;manual", - "putSingle;;;Argument[0];Argument[-1].MapKey;value;manual", - "putSingle;;;Argument[1];Argument[-1].MapValue.Element;value;manual" - ] - } -} - -/** - * Model AbstractMultivaluedMap, which implements MultivaluedMap. - */ -private class AbstractMultivaluedMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;AbstractMultivaluedMap;false;AbstractMultivaluedMap;;;" + - [ - "Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "Argument[0].MapValue;Argument[-1].MapValue;value;manual" - ] - } -} - -/** - * Model MultivaluedHashMap, which extends AbstractMultivaluedMap. - */ -private class MultivaluedHashMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;MultivaluedHashMap;false;MultivaluedHashMap;" + - [ - "(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - "(MultivaluedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "(MultivaluedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual" - ] - } -} - -/** - * Model PathSegment, which wraps a path and its associated matrix parameters. - */ -private class PathSegmentModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;PathSegment;true;" + ["getMatrixParameters", "getPath"] + - ";;;Argument[-1];ReturnValue;taint;manual" - } -} - -/** - * Model UriInfo, which provides URI element accessors. - */ -private class UriInfoModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;UriInfo;true;" + - [ - "getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", - "getAbsolutePathBuilder;;;Argument[-1];ReturnValue;taint;manual", - "getPath;;;Argument[-1];ReturnValue;taint;manual", - "getPathParameters;;;Argument[-1];ReturnValue;taint;manual", - "getPathSegments;;;Argument[-1];ReturnValue;taint;manual", - "getQueryParameters;;;Argument[-1];ReturnValue;taint;manual", - "getRequestUri;;;Argument[-1];ReturnValue;taint;manual", - "getRequestUriBuilder;;;Argument[-1];ReturnValue;taint;manual", - "relativize;;;Argument[0];ReturnValue;taint;manual", - "resolve;;;Argument[-1];ReturnValue;taint;manual", - "resolve;;;Argument[0];ReturnValue;taint;manual" - ] - } -} - -/** - * Model Cookie, a simple tuple type. - */ -private class CookieModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;Cookie;" + - [ - "true;getDomain;;;Argument[-1];ReturnValue;taint;manual", - "true;getName;;;Argument[-1];ReturnValue;taint;manual", - "true;getPath;;;Argument[-1];ReturnValue;taint;manual", - "true;getValue;;;Argument[-1];ReturnValue;taint;manual", - "true;getVersion;;;Argument[-1];ReturnValue;taint;manual", - "true;toString;;;Argument[-1];ReturnValue;taint;manual", - "false;Cookie;;;Argument[0..4];Argument[-1];taint;manual", - "false;valueOf;;;Argument[0];ReturnValue;taint;manual" - ] - } -} - -/** - * Model NewCookie, a simple tuple type. - */ -private class NewCookieModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;NewCookie;" + - [ - "true;getComment;;;Argument[-1];ReturnValue;taint;manual", - "true;getExpiry;;;Argument[-1];ReturnValue;taint;manual", - "true;getMaxAge;;;Argument[-1];ReturnValue;taint;manual", - "true;toCookie;;;Argument[-1];ReturnValue;taint;manual", - "false;NewCookie;;;Argument[0..9];Argument[-1];taint;manual", - "false;valueOf;;;Argument[0];ReturnValue;taint;manual" - ] - } -} - -/** - * Model Form, a simple container type. - */ -private class FormModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;Form;" + - [ - "false;Form;;;Argument[0].MapKey;Argument[-1];taint;manual", - "false;Form;;;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "false;Form;;;Argument[0..1];Argument[-1];taint;manual", - "true;asMap;;;Argument[-1];ReturnValue;taint;manual", - "true;param;;;Argument[0..1];Argument[-1];taint;manual", - "true;param;;;Argument[-1];ReturnValue;value;manual" - ] - } -} - -/** - * Model GenericEntity, a wrapper for HTTP entities (e.g., documents). - */ -private class GenericEntityModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;GenericEntity;" + - [ - "false;GenericEntity;;;Argument[0];Argument[-1];taint;manual", - "true;getEntity;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} - -/** - * Model MediaType, which provides accessors for elements of Content-Type and similar - * media type specifications. - */ -private class MediaTypeModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;MediaType;" + - [ - "false;MediaType;;;Argument[0..2];Argument[-1];taint;manual", - "true;getParameters;;;Argument[-1];ReturnValue;taint;manual", - "true;getSubtype;;;Argument[-1];ReturnValue;taint;manual", - "true;getType;;;Argument[-1];ReturnValue;taint;manual", - "false;valueOf;;;Argument[0];ReturnValue;taint;manual", - "true;withCharset;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} - -/** - * Model UriBuilder, which provides a fluent interface to build a URI from components. - */ -private class UriBuilderModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["javax", "jakarta"] + ".ws.rs.core;UriBuilder;" + - [ - "true;build;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "true;build;;;Argument[-1];ReturnValue;taint;manual", - "true;buildFromEncoded;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "true;buildFromEncoded;;;Argument[-1];ReturnValue;taint;manual", - "true;buildFromEncodedMap;;;Argument[0].MapKey;ReturnValue;taint;manual", - "true;buildFromEncodedMap;;;Argument[0].MapValue;ReturnValue;taint;manual", - "true;buildFromEncodedMap;;;Argument[-1];ReturnValue;taint;manual", - "true;buildFromMap;;;Argument[0].MapKey;ReturnValue;taint;manual", - "true;buildFromMap;;;Argument[0].MapValue;ReturnValue;taint;manual", - "true;buildFromMap;;;Argument[-1];ReturnValue;taint;manual", - "true;clone;;;Argument[-1];ReturnValue;taint;manual", - "true;fragment;;;Argument[0];ReturnValue;taint;manual", - "true;fragment;;;Argument[-1];ReturnValue;value;manual", - "false;fromLink;;;Argument[0];ReturnValue;taint;manual", - "false;fromPath;;;Argument[0];ReturnValue;taint;manual", - "false;fromUri;;;Argument[0];ReturnValue;taint;manual", - "true;host;;;Argument[0];ReturnValue;taint;manual", - "true;host;;;Argument[-1];ReturnValue;value;manual", - "true;matrixParam;;;Argument[0];ReturnValue;taint;manual", - "true;matrixParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "true;matrixParam;;;Argument[-1];ReturnValue;value;manual", - "true;path;;;Argument[0..1];ReturnValue;taint;manual", - "true;path;;;Argument[-1];ReturnValue;value;manual", - "true;queryParam;;;Argument[0];ReturnValue;taint;manual", - "true;queryParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "true;queryParam;;;Argument[-1];ReturnValue;value;manual", - "true;replaceMatrix;;;Argument[0];ReturnValue;taint;manual", - "true;replaceMatrix;;;Argument[-1];ReturnValue;value;manual", - "true;replaceMatrixParam;;;Argument[0];ReturnValue;taint;manual", - "true;replaceMatrixParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "true;replaceMatrixParam;;;Argument[-1];ReturnValue;value;manual", - "true;replacePath;;;Argument[0];ReturnValue;taint;manual", - "true;replacePath;;;Argument[-1];ReturnValue;value;manual", - "true;replaceQuery;;;Argument[0];ReturnValue;taint;manual", - "true;replaceQuery;;;Argument[-1];ReturnValue;value;manual", - "true;replaceQueryParam;;;Argument[0];ReturnValue;taint;manual", - "true;replaceQueryParam;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "true;replaceQueryParam;;;Argument[-1];ReturnValue;value;manual", - "true;resolveTemplate;;;Argument[0..2];ReturnValue;taint;manual", - "true;resolveTemplate;;;Argument[-1];ReturnValue;value;manual", - "true;resolveTemplateFromEncoded;;;Argument[0..1];ReturnValue;taint;manual", - "true;resolveTemplateFromEncoded;;;Argument[-1];ReturnValue;value;manual", - "true;resolveTemplates;;;Argument[0].MapKey;ReturnValue;taint;manual", - "true;resolveTemplates;;;Argument[0].MapValue;ReturnValue;taint;manual", - "true;resolveTemplates;;;Argument[-1];ReturnValue;value;manual", - "true;resolveTemplatesFromEncoded;;;Argument[0].MapKey;ReturnValue;taint;manual", - "true;resolveTemplatesFromEncoded;;;Argument[0].MapValue;ReturnValue;taint;manual", - "true;resolveTemplatesFromEncoded;;;Argument[-1];ReturnValue;value;manual", - "true;scheme;;;Argument[0];ReturnValue;taint;manual", - "true;scheme;;;Argument[-1];ReturnValue;value;manual", - "true;schemeSpecificPart;;;Argument[0];ReturnValue;taint;manual", - "true;schemeSpecificPart;;;Argument[-1];ReturnValue;value;manual", - "true;segment;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "true;segment;;;Argument[-1];ReturnValue;value;manual", - "true;toTemplate;;;Argument[-1];ReturnValue;taint;manual", - "true;uri;;;Argument[0];ReturnValue;taint;manual", - "true;uri;;;Argument[-1];ReturnValue;value;manual", - "true;userInfo;;;Argument[0];ReturnValue;taint;manual", - "true;userInfo;;;Argument[-1];ReturnValue;value;manual" - ] - } -} - -private class JaxRsUrlOpenSink extends SinkModelCsv { - override predicate row(string row) { - row = ["javax", "jakarta"] + ".ws.rs.client;Client;true;target;;;Argument[0];open-url;manual" - } -} - private predicate isXssVulnerableContentTypeExpr(Expr e) { isXssVulnerableContentType(getContentTypeString(e)) } @@ -784,17 +467,3 @@ private class VulnerableEntity extends XssSinkBarrier { ).getArgument(0) } } - -/** - * Model sources stemming from `ContainerRequestContext`. - */ -private class ContainerRequestContextModel extends SourceModelCsv { - override predicate row(string s) { - s = - ["javax", "jakarta"] + ".ws.rs.container;ContainerRequestContext;true;" + - [ - "getAcceptableLanguages", "getAcceptableMediaTypes", "getCookies", "getEntityStream", - "getHeaders", "getHeaderString", "getLanguage", "getMediaType", "getUriInfo" - ] + ";;;ReturnValue;remote;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll b/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll index ba9dd8d445c..be22f2716be 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jdbc.qll @@ -34,33 +34,3 @@ class ResultSetGetStringMethod extends Method { getReturnType() instanceof TypeString } } - -/*--- Other definitions ---*/ -private class SqlSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "java.sql;Connection;true;prepareStatement;;;Argument[0];sql;manual", - "java.sql;Connection;true;prepareCall;;;Argument[0];sql;manual", - "java.sql;Statement;true;execute;;;Argument[0];sql;manual", - "java.sql;Statement;true;executeQuery;;;Argument[0];sql;manual", - "java.sql;Statement;true;executeUpdate;;;Argument[0];sql;manual", - "java.sql;Statement;true;executeLargeUpdate;;;Argument[0];sql;manual", - "java.sql;Statement;true;addBatch;;;Argument[0];sql;manual" - ] - } -} - -private class SsrfSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "java.sql;DriverManager;false;getConnection;(String);;Argument[0];jdbc-url;manual", - "java.sql;DriverManager;false;getConnection;(String,Properties);;Argument[0];jdbc-url;manual", - "java.sql;DriverManager;false;getConnection;(String,String,String);;Argument[0];jdbc-url;manual", - "java.sql;Driver;false;connect;(String,Properties);;Argument[0];jdbc-url;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll b/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll deleted file mode 100644 index 698d27d07ed..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Jdbi.qll +++ /dev/null @@ -1,21 +0,0 @@ -/** - * Definitions of sinks in the JDBI library. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class SsrfSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "org.jdbi.v3.core;Jdbi;false;create;(String);;Argument[0];jdbc-url;manual", - "org.jdbi.v3.core;Jdbi;false;create;(String,Properties);;Argument[0];jdbc-url;manual", - "org.jdbi.v3.core;Jdbi;false;create;(String,String,String);;Argument[0];jdbc-url;manual", - "org.jdbi.v3.core;Jdbi;false;open;(String);;Argument[0];jdbc-url;manual", - "org.jdbi.v3.core;Jdbi;false;open;(String,Properties);;Argument[0];jdbc-url;manual", - "org.jdbi.v3.core;Jdbi;false;open;(String,String,String);;Argument[0];jdbc-url;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll b/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll index 9ed563091d7..5440b1ca5d6 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JoddJson.qll @@ -41,28 +41,3 @@ class AllowClassMethod extends Method { this.hasName("allowClass") } } - -/** - * A partial model of jodd.json.JsonParser noting fluent methods. - * - * This means that DataFlow::localFlow and similar methods are aware - * that the result of (e.g.) JsonParser.allowClass is an alias of the - * qualifier. - */ -private class JsonParserFluentMethods extends SummaryModelCsv { - override predicate row(string s) { - s = - [ - "jodd.json;JsonParser;false;allowAllClasses;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;allowClass;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;lazy;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;looseMode;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;map;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;setClassMetadataName;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;strictTypes;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;useAltPaths;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;withClassMetadata;;;Argument[-1];ReturnValue;value;manual", - "jodd.json;JsonParser;false;withValueConverter;;;Argument[-1];ReturnValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll b/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll deleted file mode 100644 index b8c79a010c0..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/JsonJava.qll +++ /dev/null @@ -1,252 +0,0 @@ -/** - * Provides models for working with the JSON-java library (package `org.json`). - */ - -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.json;JSONString;true;toJSONString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;XMLXsiTypeConverter;true;convert;;;Argument[0];ReturnValue;taint;manual", - "org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint;manual", - "org.json;CDL;false;rowToJSONObject;;;Argument[0..1];ReturnValue;taint;manual", - "org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint;manual", - "org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint;manual", - "org.json;CDL;false;toString;;;Argument[0..1];ReturnValue;taint;manual", - "org.json;Cookie;false;escape;;;Argument[0];ReturnValue;taint;manual", - "org.json;Cookie;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;Cookie;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.json;Cookie;false;unescape;;;Argument[0];ReturnValue;taint;manual", - "org.json;CookieList;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;CookieList;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.json;HTTP;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;HTTP;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.json;HTTPTokener;false;HTTPTokener;;;Argument[0];Argument[-1];taint;manual", - "org.json;HTTPTokener;false;nextToken;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;JSONArray;(Collection);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;JSONArray;(Iterable);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;JSONArray;(JSONArray);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;JSONArray;(JSONTokener);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;JSONArray;(Object);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.json;JSONArray;false;JSONArray;(String);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;get;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getBigDecimal;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getBigInteger;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getDouble;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getEnum;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getFloat;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getInt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getJSONArray;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getJSONObject;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getLong;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getNumber;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;getString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;iterator;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.json;JSONArray;false;join;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;join;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONArray;false;opt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optBigDecimal;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optBigInteger;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optBoolean;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optDouble;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optEnum;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optFloat;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optInt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optJSONArray;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optJSONObject;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optLong;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optNumber;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optQuery;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;optString;;;Argument[-1];ReturnValue;taint;manual", - // Default values that may be returned by the `opt*` methods above: - "org.json;JSONArray;false;optBigDecimal;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optBigInteger;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optBoolean;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optDouble;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optEnum;;;Argument[2];ReturnValue;value;manual", - "org.json;JSONArray;false;optFloat;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optInt;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optLong;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optNumber;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;optString;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONArray;false;put;(boolean);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(Collection);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(double);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(float);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(long);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(Map);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(Map);;Argument[0].MapValue;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(Object);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,boolean);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,Collection);;Argument[1].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,double);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,float);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,int);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,long);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,Map);;Argument[1].MapKey;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,Map);;Argument[1].MapValue;Argument[-1];taint;manual", - "org.json;JSONArray;false;put;(int,Object);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONArray;false;putAll;(Collection);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;putAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONArray;false;putAll;(JSONArray);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;putAll;(Object);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONArray;false;toList;;;Argument[0];ReturnValue.Element;taint;manual", - "org.json;JSONArray;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONArray;false;write;;;Argument[-1];Argument[0];taint;manual", - "org.json;JSONArray;false;write;;;Argument[0];ReturnValue;value;manual", - "org.json;JSONML;false;toJSONArray;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONML;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONML;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;JSONObject;(JSONObject,String[]);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(JSONObject,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(JSONTokener);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(Map);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(Map);;Argument[0].MapValue;Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(Object);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(Object,String[]);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(Object,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(String);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;JSONObject;(String,Locale);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint;manual", - "org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint;manual", - "org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;doubleToString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;true;entrySet;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.json;JSONObject;false;get;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getBigDecimal;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getBigInteger;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getBoolean;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getDouble;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getEnum;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getFloat;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getInt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getJSONArray;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getJSONObject;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getLong;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getNames;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.json;JSONObject;false;getNumber;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;getString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;keys;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.json;JSONObject;false;keySet;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.json;JSONObject;false;names;;;Argument[-1];ReturnValue;taint;manual", // Returns a JSONArray, hence this has no Element qualifier or similar - "org.json;JSONObject;false;numberToString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;opt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optBigDecimal;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optBigInteger;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optBoolean;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optDouble;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optEnum;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optFloat;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optInt;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optJSONArray;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optJSONObject;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optLong;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optNumber;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optQuery;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;optString;;;Argument[-1];ReturnValue;taint;manual", - // Default values that may be returned by the `opt*` methods above: - "org.json;JSONObject;false;optBigDecimal;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optBigInteger;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optBoolean;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optDouble;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optEnum;;;Argument[2];ReturnValue;value;manual", - "org.json;JSONObject;false;optFloat;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optInt;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optLong;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optNumber;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;optString;;;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;put;(String,boolean);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Collection);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,double);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,float);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,int);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,long);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Map);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Object);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,boolean);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,double);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,float);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,int);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,long);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Map);;Argument[1].MapKey;Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Map);;Argument[1].MapValue;Argument[-1];taint;manual", - "org.json;JSONObject;false;put;(String,Object);;Argument[1];Argument[-1];taint;manual", - "org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint;manual", - "org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint;manual", - "org.json;JSONObject;false;query;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;quote;(String);;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;quote;(String,Writer);;Argument[0];Argument[1];taint;manual", - "org.json;JSONObject;false;quote;(String,Writer);;Argument[1];ReturnValue;value;manual", - "org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;toJSONArray;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;toMap;;;Argument[-1];ReturnValue.MapKey;taint;manual", - "org.json;JSONObject;false;toMap;;;Argument[-1];ReturnValue.MapValue;taint;manual", - "org.json;JSONObject;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONObject;false;valueToString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;wrap;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONObject;false;write;;;Argument[-1];Argument[0];taint;manual", - "org.json;JSONObject;false;write;;;Argument[0];ReturnValue;value;manual", - "org.json;JSONPointer;false;JSONPointer;(List);;Argument[0].Element;Argument[-1];taint;manual", - "org.json;JSONPointer;false;JSONPointer;(String);;Argument[0];Argument[-1];taint;manual", - "org.json;JSONPointer;false;queryFrom;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONPointer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONPointer;false;toURIFragment;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONPointer$Builder;false;append;;;Argument[0];Argument[-1];taint;manual", - "org.json;JSONPointer$Builder;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONPointer$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONStringer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint;manual", - "org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint;manual", - "org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint;manual", - // The following model doesn't work yet due to lack of support for reverse taint flow: - "org.json;JSONWriter;true;JSONWriter;;;Argument[-1];Argument[0];taint;manual", - "org.json;JSONWriter;true;key;;;Argument[0];Argument[-1];taint;manual", - "org.json;JSONWriter;true;value;;;Argument[0];Argument[-1];taint;manual", - "org.json;JSONWriter;true;valueToString;;;Argument[0];ReturnValue;taint;manual", - "org.json;JSONWriter;true;array;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONWriter;true;endArray;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONWriter;true;endObject;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONWriter;true;key;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONWriter;true;object;;;Argument[-1];ReturnValue;value;manual", - "org.json;JSONWriter;true;value;;;Argument[-1];ReturnValue;value;manual", - "org.json;Property;false;toJSONObject;;;Argument[0].MapKey;ReturnValue;taint;manual", - "org.json;Property;false;toJSONObject;;;Argument[0].MapValue;ReturnValue;taint;manual", - "org.json;Property;false;toProperties;;;Argument[0];ReturnValue.MapKey;taint;manual", - "org.json;Property;false;toProperties;;;Argument[0];ReturnValue.MapValue;taint;manual", - "org.json;XML;false;escape;;;Argument[0];ReturnValue;taint;manual", - "org.json;XML;false;stringToValue;;;Argument[0];ReturnValue;taint;manual", - "org.json;XML;false;toJSONObject;;;Argument[0];ReturnValue;taint;manual", - "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint;manual", - "org.json;XML;false;unescape;;;Argument[0];ReturnValue;taint;manual", - "org.json;XMLTokener;false;XMLTokener;;;Argument[0];Argument[-1];taint;manual", - "org.json;XMLTokener;false;nextCDATA;;;Argument[-1];ReturnValue;taint;manual", - "org.json;XMLTokener;false;nextContent;;;Argument[-1];ReturnValue;taint;manual", - "org.json;XMLTokener;false;nextEntity;;;Argument[-1];ReturnValue;taint;manual", - "org.json;XMLTokener;false;nextMeta;;;Argument[-1];ReturnValue;taint;manual", - "org.json;XMLTokener;false;nextToken;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Logging.qll b/java/ql/lib/semmle/code/java/frameworks/Logging.qll deleted file mode 100644 index 4c00873781c..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Logging.qll +++ /dev/null @@ -1,340 +0,0 @@ -/** Provides classes and predicates to reason about logging. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class LoggingSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.logging.log4j;Logger;true;traceEntry;(Message);;Argument[0];ReturnValue;taint;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(String,Object[]);;Argument[0..1];ReturnValue;taint;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(String,Supplier[]);;Argument[0..1];ReturnValue;taint;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(Supplier[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage,Object);;Argument[1];ReturnValue;value;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(Message,Object);;Argument[1];ReturnValue;value;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(Object);;Argument[0];ReturnValue;value;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(String,Object);;Argument[1];ReturnValue;value;manual", - "org.slf4j.spi;LoggingEventBuilder;true;addArgument;;;Argument[1];Argument[-1];taint;manual", - "org.slf4j.spi;LoggingEventBuilder;true;addArgument;;;Argument[-1];ReturnValue;value;manual", - "org.slf4j.spi;LoggingEventBuilder;true;addKeyValue;;;Argument[1];Argument[-1];taint;manual", - "org.slf4j.spi;LoggingEventBuilder;true;addKeyValue;;;Argument[-1];ReturnValue;value;manual", - "org.slf4j.spi;LoggingEventBuilder;true;addMarker;;;Argument[-1];ReturnValue;value;manual", - "org.slf4j.spi;LoggingEventBuilder;true;setCause;;;Argument[-1];ReturnValue;value;manual", - "java.util.logging;LogRecord;false;LogRecord;;;Argument[1];Argument[-1];taint;manual" - ] - } -} - -private string jBossLogger() { result = "org.jboss.logging;" + ["BasicLogger", "Logger"] } - -private class LoggingSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - [ - // org.apache.log4j.Category - "org.apache.log4j;Category;true;assertLog;;;Argument[1];logging;manual", - "org.apache.log4j;Category;true;debug;;;Argument[0];logging;manual", - "org.apache.log4j;Category;true;error;;;Argument[0];logging;manual", - "org.apache.log4j;Category;true;fatal;;;Argument[0];logging;manual", - "org.apache.log4j;Category;true;forcedLog;;;Argument[2];logging;manual", - "org.apache.log4j;Category;true;info;;;Argument[0];logging;manual", - "org.apache.log4j;Category;true;l7dlog;(Priority,String,Object[],Throwable);;Argument[2];logging;manual", - "org.apache.log4j;Category;true;log;(Priority,Object);;Argument[1];logging;manual", - "org.apache.log4j;Category;true;log;(Priority,Object,Throwable);;Argument[1];logging;manual", - "org.apache.log4j;Category;true;log;(String,Priority,Object,Throwable);;Argument[2];logging;manual", - "org.apache.log4j;Category;true;warn;;;Argument[0];logging;manual", - // org.apache.logging.log4j.Logger - "org.apache.logging.log4j;Logger;true;" + - ["debug", "error", "fatal", "info", "trace", "warn"] + - [ - ";(CharSequence);;Argument[0];logging;manual", - ";(CharSequence,Throwable);;Argument[0];logging;manual", - ";(Marker,CharSequence);;Argument[1];logging;manual", - ";(Marker,CharSequence,Throwable);;Argument[1];logging;manual", - ";(Marker,Message);;Argument[1];logging;manual", - ";(Marker,MessageSupplier);;Argument[1];logging;manual", - ";(Marker,MessageSupplier);;Argument[1];logging;manual", - ";(Marker,MessageSupplier,Throwable);;Argument[1];logging;manual", - ";(Marker,Object);;Argument[1];logging;manual", - ";(Marker,Object,Throwable);;Argument[1];logging;manual", - ";(Marker,String);;Argument[1];logging;manual", - ";(Marker,String,Object[]);;Argument[1..2];logging;manual", - ";(Marker,String,Object);;Argument[1..2];logging;manual", - ";(Marker,String,Object,Object);;Argument[1..3];logging;manual", - ";(Marker,String,Object,Object,Object);;Argument[1..4];logging;manual", - ";(Marker,String,Object,Object,Object,Object);;Argument[1..5];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual", - ";(Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];logging;manual", - ";(Marker,String,Supplier);;Argument[1..2];logging;manual", - ";(Marker,String,Throwable);;Argument[1];logging;manual", - ";(Marker,Supplier);;Argument[1];logging;manual", - ";(Marker,Supplier,Throwable);;Argument[1];logging;manual", - ";(MessageSupplier);;Argument[0];logging;manual", - ";(MessageSupplier,Throwable);;Argument[0];logging;manual", - ";(Message);;Argument[0];logging;manual", - ";(Message,Throwable);;Argument[0];logging;manual", - ";(Object);;Argument[0];logging;manual", - ";(Object,Throwable);;Argument[0];logging;manual", - ";(String);;Argument[0];logging;manual", - ";(String,Object[]);;Argument[0..1];logging;manual", - ";(String,Object);;Argument[0..1];logging;manual", - ";(String,Object,Object);;Argument[0..2];logging;manual", - ";(String,Object,Object,Object);;Argument[0..3];logging;manual", - ";(String,Object,Object,Object,Object);;Argument[0..4];logging;manual", - ";(String,Object,Object,Object,Object,Object);;Argument[0..5];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];logging;manual", - ";(String,Supplier);;Argument[0..1];logging;manual", - ";(String,Throwable);;Argument[0];logging;manual", - ";(Supplier);;Argument[0];logging;manual", - ";(Supplier,Throwable);;Argument[0];logging;manual" - ], - "org.apache.logging.log4j;Logger;true;log" + - [ - ";(Level,CharSequence);;Argument[1];logging;manual", - ";(Level,CharSequence,Throwable);;Argument[1];logging;manual", - ";(Level,Marker,CharSequence);;Argument[2];logging;manual", - ";(Level,Marker,CharSequence,Throwable);;Argument[2];logging;manual", - ";(Level,Marker,Message);;Argument[2];logging;manual", - ";(Level,Marker,MessageSupplier);;Argument[2];logging;manual", - ";(Level,Marker,MessageSupplier);;Argument[2];logging;manual", - ";(Level,Marker,MessageSupplier,Throwable);;Argument[2];logging;manual", - ";(Level,Marker,Object);;Argument[2];logging;manual", - ";(Level,Marker,Object,Throwable);;Argument[2];logging;manual", - ";(Level,Marker,String);;Argument[2];logging;manual", - ";(Level,Marker,String,Object[]);;Argument[2..3];logging;manual", - ";(Level,Marker,String,Object);;Argument[2..3];logging;manual", - ";(Level,Marker,String,Object,Object);;Argument[2..4];logging;manual", - ";(Level,Marker,String,Object,Object,Object);;Argument[2..5];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object);;Argument[2..6];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object);;Argument[2..7];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object,Object);;Argument[2..8];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object);;Argument[2..9];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..10];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..11];logging;manual", - ";(Level,Marker,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[2..12];logging;manual", - ";(Level,Marker,String,Supplier);;Argument[2..3];logging;manual", - ";(Level,Marker,String,Throwable);;Argument[2];logging;manual", - ";(Level,Marker,Supplier);;Argument[2];logging;manual", - ";(Level,Marker,Supplier,Throwable);;Argument[2];logging;manual", - ";(Level,Message);;Argument[1];logging;manual", - ";(Level,MessageSupplier);;Argument[1];logging;manual", - ";(Level,MessageSupplier,Throwable);;Argument[1];logging;manual", - ";(Level,Message);;Argument[1];logging;manual", - ";(Level,Message,Throwable);;Argument[1];logging;manual", - ";(Level,Object);;Argument[1];logging;manual", - ";(Level,Object);;Argument[1];logging;manual", - ";(Level,String);;Argument[1];logging;manual", - ";(Level,Object,Throwable);;Argument[1];logging;manual", - ";(Level,String);;Argument[1];logging;manual", - ";(Level,String,Object[]);;Argument[1..2];logging;manual", - ";(Level,String,Object);;Argument[1..2];logging;manual", - ";(Level,String,Object,Object);;Argument[1..3];logging;manual", - ";(Level,String,Object,Object,Object);;Argument[1..4];logging;manual", - ";(Level,String,Object,Object,Object,Object);;Argument[1..5];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual", - ";(Level,String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..11];logging;manual", - ";(Level,String,Supplier);;Argument[1..2];logging;manual", - ";(Level,String,Throwable);;Argument[1];logging;manual", - ";(Level,Supplier);;Argument[1];logging;manual", - ";(Level,Supplier,Throwable);;Argument[1];logging;manual" - ], "org.apache.logging.log4j;Logger;true;entry;(Object[]);;Argument[0];logging;manual", - "org.apache.logging.log4j;Logger;true;logMessage;(Level,Marker,String,StackTraceElement,Message,Throwable);;Argument[4];logging;manual", - "org.apache.logging.log4j;Logger;true;printf;(Level,Marker,String,Object[]);;Argument[2..3];logging;manual", - "org.apache.logging.log4j;Logger;true;printf;(Level,String,Object[]);;Argument[1..2];logging;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(Message);;Argument[0];logging;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(String,Object[]);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(String,Supplier[]);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;Logger;true;traceEntry;(Supplier[]);;Argument[0];logging;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage);;Argument[0];logging;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(EntryMessage,Object);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(Message,Object);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(Object);;Argument[0];logging;manual", - "org.apache.logging.log4j;Logger;true;traceExit;(String,Object);;Argument[0..1];logging;manual", - // org.apache.logging.log4j.LogBuilder - "org.apache.logging.log4j;LogBuilder;true;log;(CharSequence);;Argument[0];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(Message);;Argument[0];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(Object);;Argument[0];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String);;Argument[0];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object[]);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object);;Argument[0..2];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object);;Argument[0..3];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object);;Argument[0..4];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object);;Argument[0..5];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object);;Argument[0..6];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(String,Supplier);;Argument[0..1];logging;manual", - "org.apache.logging.log4j;LogBuilder;true;log;(Supplier);;Argument[0];logging;manual", - // org.apache.commons.logging.Log - "org.apache.commons.logging;Log;true;" + - ["debug", "error", "fatal", "info", "trace", "warn"] + ";;;Argument[0];logging;manual", - // org.jboss.logging.BasicLogger and org.jboss.logging.Logger - // (org.jboss.logging.Logger does not implement BasicLogger in some implementations like JBoss Application Server 4.0.4) - jBossLogger() + ";true;" + ["debug", "error", "fatal", "info", "trace", "warn"] + - [ - ";(Object);;Argument[0];logging;manual", - ";(Object,Throwable);;Argument[0];logging;manual", - ";(Object,Object[]);;Argument[0..1];logging;manual", - ";(Object,Object[],Throwable);;Argument[0..1];logging;manual", - ";(String,Object,Object[],Throwable);;Argument[1..2];logging;manual", - ";(String,Object,Throwable);;Argument[1];logging;manual" - ], - jBossLogger() + ";true;log" + - [ - ";(Level,Object);;Argument[1];logging;manual", - ";(Level,Object,Object[]);;Argument[1..2];logging;manual", - ";(Level,Object,Object[],Throwable);;Argument[1..2];logging;manual", - ";(Level,Object,Throwable);;Argument[1];logging;manual", - ";(Level,String,Object,Throwable);;Argument[2];logging;manual", - ";(String,Level,Object,Object[],Throwable);;Argument[2..3];logging;manual" - ], - jBossLogger() + ";true;" + ["debug", "error", "fatal", "info", "trace", "warn"] + ["f", "v"] - + - [ - ";(String,Object[]);;Argument[0..1];logging;manual", - ";(String,Object);;Argument[0..1];logging;manual", - ";(String,Object,Object);;Argument[0..2];logging;manual", - ";(String,Object,Object,Object);;Argument[0..3];logging;manual", - ";(String,Object,Object,Object,Object);;Argument[0..4];logging;manual", - ";(Throwable,String,Object);;Argument[1..2];logging;manual", - ";(Throwable,String,Object,Object);;Argument[1..3];logging;manual", - ";(Throwable,String,Object,Object,Object);;Argument[0..4];logging;manual" - ], - jBossLogger() + ";true;log" + ["f", "v"] + - [ - ";(Level,String,Object[]);;Argument[1..2];logging;manual", - ";(Level,String,Object);;Argument[1..2];logging;manual", - ";(Level,String,Object,Object);;Argument[1..3];logging;manual", - ";(Level,String,Object,Object,Object);;Argument[1..4];logging;manual", - ";(Level,String,Object,Object,Object,Object);;Argument[1..5];logging;manual", - ";(Level,Throwable,String,Object);;Argument[2..3];logging;manual", - ";(Level,Throwable,String,Object,Object);;Argument[2..4];logging;manual", - ";(Level,Throwable,String,Object,Object,Object);;Argument[1..5];logging;manual", - ";(String,Level,Throwable,String,Object[]);;Argument[3..4];logging;manual", - ";(String,Level,Throwable,String,Object);;Argument[3..4];logging;manual", - ";(String,Level,Throwable,String,Object,Object);;Argument[3..5];logging;manual", - ";(String,Level,Throwable,String,Object,Object,Object);;Argument[3..6];logging;manual" - ], - // org.slf4j.spi.LoggingEventBuilder - "org.slf4j.spi;LoggingEventBuilder;true;log;;;Argument[0];logging;manual", - "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object);;Argument[0..1];logging;manual", - "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object[]);;Argument[0..1];logging;manual", - "org.slf4j.spi;LoggingEventBuilder;true;log;(String,Object,Object);;Argument[0..2];logging;manual", - "org.slf4j.spi;LoggingEventBuilder;true;log;(Supplier);;Argument[0];logging;manual", - // org.slf4j.Logger - "org.slf4j;Logger;true;" + ["debug", "error", "info", "trace", "warn"] + - [ - ";(String);;Argument[0];logging;manual", - ";(String,Object);;Argument[0..1];logging;manual", - ";(String,Object[]);;Argument[0..1];logging;manual", - ";(String,Object,Object);;Argument[0..2];logging;manual", - ";(String,Throwable);;Argument[0];logging;manual", - ";(Marker,String);;Argument[1];logging;manual", - ";(Marker,String,Object);;Argument[1..2];logging;manual", - ";(Marker,String,Object[]);;Argument[1..2];logging;manual", - ";(Marker,String,Object,Object);;Argument[1..3];logging;manual", - ";(Marker,String,Object,Object,Object);;Argument[1..4];logging;manual" - ], - // org.scijava.Logger - "org.scijava.log;Logger;true;alwaysLog;(int,Object,Throwable);;Argument[1];logging;manual", - "org.scijava.log;Logger;true;" + ["debug", "error", "info", "trace", "warn"] + - [ - ";(Object);;Argument[0];logging;manual", - ";(Object,Throwable);;Argument[0];logging;manual" - ], "org.scijava.log;Logger;true;log;(int,Object);;Argument[1];logging;manual", - "org.scijava.log;Logger;true;log;(int,Object,Throwable);;Argument[1];logging;manual", - // com.google.common.flogger.LoggingApi - "com.google.common.flogger;LoggingApi;true;logVarargs;;;Argument[0..1];logging;manual", - "com.google.common.flogger;LoggingApi;true;log" + - [ - ";;;Argument[0];logging;manual", ";(String,Object);;Argument[1];logging;manual", - ";(String,Object,Object);;Argument[1..2];logging;manual", - ";(String,Object,Object,Object);;Argument[1..3];logging;manual", - ";(String,Object,Object,Object,Object);;Argument[1..4];logging;manual", - ";(String,Object,Object,Object,Object,Object);;Argument[1..5];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object);;Argument[1..6];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object);;Argument[1..7];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..8];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..9];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[1..10];logging;manual", - ";(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object[]);;Argument[1..11];logging;manual", - ";(String,Object,boolean);;Argument[1];logging;manual", - ";(String,Object,char);;Argument[1];logging;manual", - ";(String,Object,byte);;Argument[1];logging;manual", - ";(String,Object,short);;Argument[1];logging;manual", - ";(String,Object,int);;Argument[1];logging;manual", - ";(String,Object,long);;Argument[1];logging;manual", - ";(String,Object,float);;Argument[1];logging;manual", - ";(String,Object,double);;Argument[1];logging;manual", - ";(String,boolean,Object);;Argument[2];logging;manual", - ";(String,char,Object);;Argument[2];logging;manual", - ";(String,byte,Object);;Argument[2];logging;manual", - ";(String,short,Object);;Argument[2];logging;manual", - ";(String,int,Object);;Argument[2];logging;manual", - ";(String,long,Object);;Argument[2];logging;manual", - ";(String,float,Object);;Argument[2];logging;manual", - ";(String,double,Object);;Argument[2];logging;manual" - ], - // java.lang.System$Logger - "java.lang;System$Logger;true;log;" + - [ - "(Level,Object);;Argument[1]", "(Level,String);;Argument[1]", - "(Level,String,Object[]);;Argument[1..2]", "(Level,String,Throwable);;Argument[1]", - "(Level,String,Supplier);;Argument[1..2]", - "(Level,String,Supplier,Throwable);;Argument[1..2]", - "(Level,ResourceBundle,String,Object[]);;Argument[2..3]", - "(Level,ResourceBundle,String,Throwable);;Argument[2]" - ] + ";logging;manual", - // java.util.logging.Logger - "java.util.logging;Logger;true;" + - ["config", "fine", "finer", "finest", "info", "severe", "warning"] + - ";;;Argument[0];logging;manual", - "java.util.logging;Logger;true;entering;(String,String);;Argument[0..1];logging;manual", - "java.util.logging;Logger;true;entering;(String,String,Object);;Argument[0..2];logging;manual", - "java.util.logging;Logger;true;entering;(String,String,Object[]);;Argument[0..2];logging;manual", - "java.util.logging;Logger;true;exiting;(String,String);;Argument[0..1];logging;manual", - "java.util.logging;Logger;true;exiting;(String,String,Object);;Argument[0..2];logging;manual", - "java.util.logging;Logger;true;log;(Level,String);;Argument[1];logging;manual", - "java.util.logging;Logger;true;log;(Level,String,Object);;Argument[1..2];logging;manual", - "java.util.logging;Logger;true;log;(Level,String,Object[]);;Argument[1..2];logging;manual", - "java.util.logging;Logger;true;log;(Level,String,Throwable);;Argument[1];logging;manual", - "java.util.logging;Logger;true;log;(Level,Supplier);;Argument[1];logging;manual", - "java.util.logging;Logger;true;log;(Level,Throwable,Supplier);;Argument[2];logging;manual", - "java.util.logging;Logger;true;log;(LogRecord);;Argument[0];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,String);;Argument[1..3];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,String,Object);;Argument[1..4];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,String,Object[]);;Argument[1..4];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,String,Throwable);;Argument[1..3];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,Supplier);;Argument[1..3];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,Throwable,Supplier);;Argument[1..2];logging;manual", - "java.util.logging;Logger;true;logp;(Level,String,String,Throwable,Supplier);;Argument[4];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Object[]);;Argument[1..2];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Object[]);;Argument[4..5];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Throwable);;Argument[1..2];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,ResourceBundle,String,Throwable);;Argument[4];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,String,String);;Argument[1..4];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Object);;Argument[1..5];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Object[]);;Argument[1..5];logging;manual", - "java.util.logging;Logger;true;logrb;(Level,String,String,String,String,Throwable);;Argument[1..4];logging;manual", - // android.util.Log - "android.util;Log;true;" + ["d", "v", "i", "w", "e", "wtf"] + - ";;;Argument[1];logging;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll index 6c16bb168bb..64b32c78003 100644 --- a/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll +++ b/java/ql/lib/semmle/code/java/frameworks/MyBatis.qll @@ -12,21 +12,6 @@ class MyBatisSqlRunner extends RefType { MyBatisSqlRunner() { this.hasQualifiedName("org.apache.ibatis.jdbc", "SqlRunner") } } -private class SqlSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "org.apache.ibatis.jdbc;SqlRunner;false;delete;(String,Object[]);;Argument[0];sql;manual", - "org.apache.ibatis.jdbc;SqlRunner;false;insert;(String,Object[]);;Argument[0];sql;manual", - "org.apache.ibatis.jdbc;SqlRunner;false;run;(String);;Argument[0];sql;manual", - "org.apache.ibatis.jdbc;SqlRunner;false;selectAll;(String,Object[]);;Argument[0];sql;manual", - "org.apache.ibatis.jdbc;SqlRunner;false;selectOne;(String,Object[]);;Argument[0];sql;manual", - "org.apache.ibatis.jdbc;SqlRunner;false;update;(String,Object[]);;Argument[0];sql;manual" - ] - } -} - /** The class `org.apache.ibatis.session.Configuration`. */ class IbatisConfiguration extends RefType { IbatisConfiguration() { this.hasQualifiedName("org.apache.ibatis.session", "Configuration") } @@ -144,74 +129,3 @@ private class MyBatisProviderStep extends TaintTracking::AdditionalValueStep { ) } } - -private class MyBatisAbstractSqlToStringStep extends SummaryModelCsv { - override predicate row(string row) { - row = "org.apache.ibatis.jdbc;AbstractSQL;true;toString;;;Argument[-1];ReturnValue;taint;manual" - } -} - -private class MyBatisAbstractSqlMethodsStep extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.ibatis.jdbc;AbstractSQL;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;WHERE;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;VALUES;(String,String);;Argument[0..1];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;UPDATE;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SET;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT_DISTINCT;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;SELECT;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;RIGHT_OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;ORDER_BY;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OFFSET_ROWS;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;OFFSET;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;LIMIT;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;LEFT_OUTER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INTO_VALUES;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INTO_COLUMNS;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INSERT_INTO;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;INNER_JOIN;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;HAVING;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;GROUP_BY;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;FROM;(String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;FETCH_FIRST_ROWS_ONLY;(String);;Argument[0];Argument[-1];taint;manual", - "org.apache.ibatis.jdbc;AbstractSQL;true;DELETE_FROM;(String);;Argument[0];Argument[-1];taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Objects.qll b/java/ql/lib/semmle/code/java/frameworks/Objects.qll deleted file mode 100644 index 1a7bbe8ef17..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Objects.qll +++ /dev/null @@ -1,18 +0,0 @@ -/** Definitions of taint steps in Objects class of the JDK */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class ObjectsSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "java.util;Objects;false;requireNonNull;;;Argument[0];ReturnValue;value;manual", - "java.util;Objects;false;requireNonNullElse;;;Argument[0];ReturnValue;value;manual", - "java.util;Objects;false;requireNonNullElse;;;Argument[1];ReturnValue;value;manual", - "java.util;Objects;false;requireNonNullElseGet;;;Argument[0];ReturnValue;value;manual", - "java.util;Objects;false;toString;;;Argument[1];ReturnValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll b/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll deleted file mode 100644 index f541eb983ee..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll +++ /dev/null @@ -1,71 +0,0 @@ -/** - * Provides classes and predicates for working with the OkHttp client. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class OkHttpOpenUrlSinks extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "okhttp3;Request;true;Request;;;Argument[0];open-url;manual", - "okhttp3;Request$Builder;true;url;;;Argument[0];open-url;manual" - ] - } -} - -private class OKHttpSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "okhttp3;HttpUrl;false;parse;;;Argument[0];ReturnValue;taint;manual", - "okhttp3;HttpUrl;false;uri;;;Argument[-1];ReturnValue;taint;manual", - "okhttp3;HttpUrl;false;url;;;Argument[-1];ReturnValue;taint;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;port;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;removeAllQueryParameters;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;removePathSegment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value;manual", - "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint;manual", - "okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Optional.qll b/java/ql/lib/semmle/code/java/frameworks/Optional.qll deleted file mode 100644 index 7716154a883..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Optional.qll +++ /dev/null @@ -1,30 +0,0 @@ -/** Definitions related to `java.util.Optional`. */ - -private import semmle.code.java.dataflow.ExternalFlow - -private class OptionalModel extends SummaryModelCsv { - override predicate row(string s) { - s = - [ - "java.util;Optional;false;filter;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Optional;false;filter;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Optional;false;flatMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Optional;false;flatMap;;;Argument[0].ReturnValue;ReturnValue;value;manual", - "java.util;Optional;false;get;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Optional;false;ifPresent;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Optional;false;ifPresentOrElse;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Optional;false;map;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util;Optional;false;map;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - "java.util;Optional;false;of;;;Argument[0];ReturnValue.Element;value;manual", - "java.util;Optional;false;ofNullable;;;Argument[0];ReturnValue.Element;value;manual", - "java.util;Optional;false;or;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util;Optional;false;or;;;Argument[0].ReturnValue;ReturnValue;value;manual", - "java.util;Optional;false;orElse;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Optional;false;orElse;;;Argument[0];ReturnValue;value;manual", - "java.util;Optional;false;orElseGet;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Optional;false;orElseGet;;;Argument[0].ReturnValue;ReturnValue;value;manual", - "java.util;Optional;false;orElseThrow;;;Argument[-1].Element;ReturnValue;value;manual", - "java.util;Optional;false;stream;;;Argument[-1].Element;ReturnValue.Element;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll b/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll deleted file mode 100644 index 4f94cd295a8..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/RabbitMQ.qll +++ /dev/null @@ -1,58 +0,0 @@ -/** - * Provides classes and predicates related to RabbitMQ. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -/** - * Defines remote sources in RabbitMQ. - */ -private class RabbitMQSource extends SourceModelCsv { - override predicate row(string row) { - row = - [ - // soruces for RabbitMQ 4.x - "com.rabbitmq.client;Command;true;getContentHeader;();;ReturnValue;remote;manual", - "com.rabbitmq.client;Command;true;getContentBody;();;ReturnValue;remote;manual", - "com.rabbitmq.client;Consumer;true;handleDelivery;(String,Envelope,BasicProperties,byte[]);;Parameter[3];remote;manual", - "com.rabbitmq.client;QueueingConsumer;true;nextDelivery;;;ReturnValue;remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCall;(Delivery,BasicProperties);;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCall;(BasicProperties,byte[],BasicProperties);;Parameter[1];remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCall;(byte[],BasicProperties);;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcServer;true;preprocessReplyProperties;(Delivery,Builder);;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcServer;true;postprocessReplyProperties;(Delivery,Builder);;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCast;(Delivery);;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCast;(BasicProperties,byte[]);;Parameter[1];remote;manual", - "com.rabbitmq.client;RpcServer;true;handleCast;(byte[]);;Parameter[0];remote;manual", - "com.rabbitmq.client;StringRpcServer;true;handleStringCall;;;Parameter[0];remote;manual", - "com.rabbitmq.client;RpcClient;true;doCall;;;ReturnValue;remote;manual", - "com.rabbitmq.client;RpcClient;true;primitiveCall;;;ReturnValue;remote;manual", - "com.rabbitmq.client;RpcClient;true;responseCall;;;ReturnValue;remote;manual", - "com.rabbitmq.client;RpcClient;true;stringCall;(String);;ReturnValue;remote;manual", - "com.rabbitmq.client;RpcClient;true;mapCall;;;ReturnValue;remote;manual", - "com.rabbitmq.client.impl;Frame;true;getInputStream;();;ReturnValue;remote;manual", - "com.rabbitmq.client.impl;Frame;true;getPayload;();;ReturnValue;remote;manual", - "com.rabbitmq.client.impl;FrameHandler;true;readFrame;();;ReturnValue;remote;manual", - ] - } -} - -/** - * Defines flow steps in RabbitMQ. - */ -private class RabbitMQSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - // flow steps for RabbitMQ 4.x - "com.rabbitmq.client;GetResponse;true;GetResponse;;;Argument[2];Argument[-1];taint;manual", - "com.rabbitmq.client;GetResponse;true;getBody;();;Argument[-1];ReturnValue;taint;manual", - "com.rabbitmq.client;RpcClient$Response;true;getBody;();;Argument[-1];ReturnValue;taint;manual", - "com.rabbitmq.client;QueueingConsumer$Delivery;true;getBody;();;Argument[-1];ReturnValue;taint;manual", - "com.rabbitmq.client.impl;Frame;false;fromBodyFragment;(int,byte[],int,int);;Argument[1];ReturnValue;taint;manual", - "com.rabbitmq.client.impl;Frame;false;readFrom;(DataInputStream);;Argument[0];ReturnValue;taint;manual", - "com.rabbitmq.client.impl;Frame;true;writeTo;(DataOutputStream);;Argument[-1];Argument[0];taint;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Regex.qll b/java/ql/lib/semmle/code/java/frameworks/Regex.qll index 790255c9703..687e983eab6 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Regex.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Regex.qll @@ -22,20 +22,3 @@ class PatternLiteralField extends Field { this.hasName("LITERAL") } } - -private class RegexModel extends SummaryModelCsv { - override predicate row(string s) { - s = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "java.util.regex;Matcher;false;group;;;Argument[-1];ReturnValue;taint;manual", - "java.util.regex;Matcher;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual", - "java.util.regex;Matcher;false;replaceAll;;;Argument[0];ReturnValue;taint;manual", - "java.util.regex;Matcher;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual", - "java.util.regex;Matcher;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual", - "java.util.regex;Pattern;false;matcher;;;Argument[0];ReturnValue;taint;manual", - "java.util.regex;Pattern;false;quote;;;Argument[0];ReturnValue;taint;manual", - "java.util.regex;Pattern;false;split;;;Argument[0];ReturnValue;taint;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll b/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll deleted file mode 100644 index db79cb84515..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Retrofit.qll +++ /dev/null @@ -1,12 +0,0 @@ -/** - * Provides classes and predicates for working with the Retrofit API client. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class RetrofitOpenUrlSinks extends SinkModelCsv { - override predicate row(string row) { - row = "retrofit2;Retrofit$Builder;true;baseUrl;;;Argument[0];open-url;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll b/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll index f0a75c8f3b9..fb729f5c00e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll +++ b/java/ql/lib/semmle/code/java/frameworks/SpringJdbc.qll @@ -9,45 +9,3 @@ private import semmle.code.java.dataflow.ExternalFlow class JdbcTemplate extends RefType { JdbcTemplate() { this.hasQualifiedName("org.springframework.jdbc.core", "JdbcTemplate") } } - -private class SqlSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;(String[]);;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;batchUpdate;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;execute;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;update;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;query;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;queryForList;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;queryForMap;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;queryForObject;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;queryForRowSet;;;Argument[0];sql;manual", - "org.springframework.jdbc.core;JdbcTemplate;false;queryForStream;;;Argument[0];sql;manual", - "org.springframework.jdbc.object;BatchSqlUpdate;false;BatchSqlUpdate;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;MappingSqlQuery;false;BatchSqlUpdate;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;MappingSqlQueryWithParameters;false;BatchSqlUpdate;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;RdbmsOperation;true;setSql;;;Argument[0];sql;manual", - "org.springframework.jdbc.object;SqlCall;false;SqlCall;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;SqlFunction;false;SqlFunction;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;SqlQuery;false;SqlQuery;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;SqlUpdate;false;SqlUpdate;;;Argument[1];sql;manual", - "org.springframework.jdbc.object;UpdatableSqlQuery;false;UpdatableSqlQuery;;;Argument[1];sql;manual" - ] - } -} - -private class SsrfSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "org.springframework.boot.jdbc;DataSourceBuilder;false;url;(String);;Argument[0];jdbc-url;manual", - "org.springframework.jdbc.datasource;AbstractDriverBasedDataSource;false;setUrl;(String);;Argument[0];jdbc-url;manual", - "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String);;Argument[0];jdbc-url;manual", - "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String,String,String);;Argument[0];jdbc-url;manual", - "org.springframework.jdbc.datasource;DriverManagerDataSource;false;DriverManagerDataSource;(String,Properties);;Argument[0];jdbc-url;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Stream.qll b/java/ql/lib/semmle/code/java/frameworks/Stream.qll index 0c1347044c5..af157d78740 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Stream.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Stream.qll @@ -96,95 +96,3 @@ private class RequiredComponentStackForCollect extends RequiredSummaryComponentS tail = SummaryComponentStack::return() } } - -private class StreamModel extends SummaryModelCsv { - override predicate row(string s) { - s = - [ - "java.util.stream;BaseStream;true;iterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;BaseStream;true;onClose;(Runnable);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;BaseStream;true;parallel;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;BaseStream;true;sequential;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;BaseStream;true;spliterator;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;BaseStream;true;unordered;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;allMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;anyMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[0].ReturnValue;Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];ReturnValue;value;manual", - "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[1].Parameter[0];Argument[2].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[2].Parameter[0..1];Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;collect;(Supplier,BiConsumer,BiConsumer);;Argument[-1].Element;Argument[1].Parameter[1];value;manual", - // collect(Collector collector) is handled separately on a case-by-case basis as it is too complex for MaD - "java.util.stream;Stream;true;concat;(Stream,Stream);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;distinct;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;dropWhile;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;filter;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;filter;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;findAny;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;findFirst;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;flatMap;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;flatMap;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;flatMapToDouble;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;flatMapToInt;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;flatMapToLong;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;forEach;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;forEachOrdered;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;generate;(Supplier);;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[0];ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[0];Argument[1..2].Parameter[0];value;manual", - "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[2].ReturnValue;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;iterate;(Object,Predicate,UnaryOperator);;Argument[2].ReturnValue;Argument[1..2].Parameter[0];value;manual", - "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[0];ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[0];Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[1].ReturnValue;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;iterate;(Object,UnaryOperator);;Argument[1].ReturnValue;Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;limit;(long);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;map;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;map;(Function);;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - // Missing for mapMulti(BiConsumer) (not currently supported): - // Argument[0] of Parameter[1] of Argument[0] -> Element of Parameter[1] of Argument[0] - // Element of Parameter[1] of Argument[0] -> Element of ReturnValue - "java.util.stream;Stream;true;mapMulti;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapMultiToDouble;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapMultiToInt;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapMultiToLong;(BiConsumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapToDouble;(ToDoubleFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapToInt;(ToIntFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;mapToLong;(ToLongFunction);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;max;(Comparator);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;max;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;min;(Comparator);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;min;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;noneMatch;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;ofNullable;(Object);;Argument[0];ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;peek;(Consumer);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;peek;(Consumer);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[0].ReturnValue;Argument[0].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(BinaryOperator);;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[-1].Element;Argument[1].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[0];Argument[1].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[0];ReturnValue;value;manual", - "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[1].ReturnValue;Argument[1].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BinaryOperator);;Argument[1].ReturnValue;ReturnValue;value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[-1].Element;Argument[1].Parameter[1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];Argument[2].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[0];ReturnValue;value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;Argument[1].Parameter[0];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;Argument[2].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;reduce;(Object,BiFunction,BinaryOperator);;Argument[1..2].ReturnValue;ReturnValue;value;manual", - "java.util.stream;Stream;true;skip;(long);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;sorted;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;sorted;(Comparator);;Argument[-1].Element;Argument[0].Parameter[0..1];value;manual", - "java.util.stream;Stream;true;takeWhile;(Predicate);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "java.util.stream;Stream;true;takeWhile;(Predicate);;Argument[-1].Element;ReturnValue.Element;value;manual", - "java.util.stream;Stream;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - "java.util.stream;Stream;true;toList;();;Argument[-1].Element;ReturnValue.Element;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Strings.qll b/java/ql/lib/semmle/code/java/frameworks/Strings.qll deleted file mode 100644 index c09b959254d..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Strings.qll +++ /dev/null @@ -1,70 +0,0 @@ -/** Definitions of taint steps in String and String-related classes of the JDK */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class StringSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "java.lang;String;false;concat;(String);;Argument[0];ReturnValue;taint;manual", - "java.lang;String;false;concat;(String);;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;copyValueOf;;;Argument[0];ReturnValue;taint;manual", - "java.lang;String;false;endsWith;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;format;(Locale,String,Object[]);;Argument[1];ReturnValue;taint;manual", - "java.lang;String;false;format;(Locale,String,Object[]);;Argument[2].ArrayElement;ReturnValue;taint;manual", - "java.lang;String;false;format;(String,Object[]);;Argument[0];ReturnValue;taint;manual", - "java.lang;String;false;format;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "java.lang;String;false;formatted;(Object[]);;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;formatted;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "java.lang;String;false;getChars;;;Argument[-1];Argument[2];taint;manual", - "java.lang;String;false;getBytes;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;getBytes;;;Argument[-1];Argument[2];taint;manual", - "java.lang;String;false;indent;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;intern;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;join;;;Argument[0..1];ReturnValue;taint;manual", - "java.lang;String;false;repeat;(int);;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;replace;;;Argument[1];ReturnValue;taint;manual", - "java.lang;String;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;replaceAll;;;Argument[1];ReturnValue;taint;manual", - "java.lang;String;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;replaceFirst;;;Argument[1];ReturnValue;taint;manual", - "java.lang;String;false;split;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;String;;;Argument[0];Argument[-1];taint;manual", - "java.lang;String;false;strip;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;stripIndent;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;stripLeading;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;stripTrailing;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;substring;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;toLowerCase;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;toString;;;Argument[-1];ReturnValue;value;manual", - "java.lang;String;false;toUpperCase;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;translateEscapes;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;trim;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint;manual", - "java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint;manual", - "java.lang;String;false;valueOf;(char[]);;Argument[0];ReturnValue;taint;manual", - "java.lang;AbstractStringBuilder;true;AbstractStringBuilder;(String);;Argument[0];Argument[-1];taint;manual", - "java.lang;AbstractStringBuilder;true;append;;;Argument[0];Argument[-1];taint;manual", - "java.lang;AbstractStringBuilder;true;append;;;Argument[-1];ReturnValue;value;manual", - "java.lang;AbstractStringBuilder;true;getChars;;;Argument[-1];Argument[2];taint;manual", - "java.lang;AbstractStringBuilder;true;insert;;;Argument[1];Argument[-1];taint;manual", - "java.lang;AbstractStringBuilder;true;insert;;;Argument[-1];ReturnValue;value;manual", - "java.lang;AbstractStringBuilder;true;replace;;;Argument[-1];ReturnValue;value;manual", - "java.lang;AbstractStringBuilder;true;replace;;;Argument[2];Argument[-1];taint;manual", - "java.lang;AbstractStringBuilder;true;reverse;;;Argument[-1];ReturnValue;value;manual", - "java.lang;AbstractStringBuilder;true;subSequence;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;AbstractStringBuilder;true;substring;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;AbstractStringBuilder;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;StringBuffer;true;StringBuffer;(CharSequence);;Argument[0];Argument[-1];taint;manual", - "java.lang;StringBuffer;true;StringBuffer;(String);;Argument[0];Argument[-1];taint;manual", - "java.lang;StringBuilder;true;StringBuilder;;;Argument[0];Argument[-1];taint;manual", - "java.lang;CharSequence;true;charAt;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;CharSequence;true;subSequence;;;Argument[-1];ReturnValue;taint;manual", - "java.lang;CharSequence;true;toString;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll b/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll deleted file mode 100644 index 3c550d5441c..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll +++ /dev/null @@ -1,16 +0,0 @@ -/** - * Provides classes and predicates for working with the Thymeleaf template engine. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class ThymeleafSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.thymeleaf;TemplateSpec;false;TemplateSpec;;;Argument[0];Argument[-1];taint;manual", - "org.thymeleaf;TemplateSpec;false;getTemplate;;;Argument[-1];ReturnValue;taint;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll index 30f087408af..7b76302bc05 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Android.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Android.qll @@ -103,74 +103,6 @@ class AndroidContentResolver extends AndroidComponent { } } -private class UriModel extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "android.net;Uri;true;buildUpon;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;false;decode;;;Argument[0];ReturnValue;taint;manual", - "android.net;Uri;false;encode;;;Argument[0];ReturnValue;taint;manual", - "android.net;Uri;false;fromFile;;;Argument[0];ReturnValue;taint;manual", - "android.net;Uri;false;fromParts;;;Argument[0..2];ReturnValue;taint;manual", - "android.net;Uri;true;getAuthority;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedAuthority;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedFragment;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedPath;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedQuery;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getEncodedUserInfo;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getFragment;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getHost;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getLastPathSegment;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getPath;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getPathSegments;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getQuery;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getQueryParameter;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getQueryParameterNames;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getQueryParameters;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getScheme;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;getUserInfo;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;true;normalizeScheme;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;false;parse;;;Argument[0];ReturnValue;taint;manual", - "android.net;Uri;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri;false;withAppendedPath;;;Argument[0..1];ReturnValue;taint;manual", - "android.net;Uri;false;writeToParcel;;;Argument[1];Argument[0];taint;manual", - "android.net;Uri$Builder;false;appendEncodedPath;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;appendEncodedPath;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;appendPath;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;appendPath;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;appendQueryParameter;;;Argument[0..1];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;appendQueryParameter;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;authority;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;authority;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "android.net;Uri$Builder;false;clearQuery;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;encodedAuthority;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;encodedAuthority;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;encodedOpaquePart;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;encodedOpaquePart;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;fragment;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;fragment;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;opaquePart;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;opaquePart;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;path;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;path;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;query;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;query;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;scheme;;;Argument[0];Argument[-1];taint;manual", - "android.net;Uri$Builder;false;scheme;;;Argument[-1];ReturnValue;value;manual", - "android.net;Uri$Builder;false;toString;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} - /** Interface for classes whose instances can be written to and restored from a Parcel. */ class TypeParcelable extends Interface { TypeParcelable() { this.hasQualifiedName("android.os", "Parcelable") } @@ -185,29 +117,3 @@ class CreateFromParcelMethod extends Method { this.getEnclosingCallable().getDeclaringType().getAnAncestor() instanceof TypeParcelable } } - -private class ParcelPropagationModels extends SummaryModelCsv { - override predicate row(string s) { - // Parcel readers that return their value - s = - "android.os;Parcel;false;read" + - [ - "Array", "ArrayList", "Boolean", "Bundle", "Byte", "Double", "FileDescriptor", "Float", - "HashMap", "Int", "Long", "Parcelable", "ParcelableArray", "PersistableBundle", - "Serializable", "Size", "SizeF", "SparseArray", "SparseBooleanArray", "String", - "StrongBinder", "TypedObject", "Value" - ] + ";;;Argument[-1];ReturnValue;taint;manual" - or - // Parcel readers that write to an existing object - s = - "android.os;Parcel;false;read" + - [ - "BinderArray", "BinderList", "BooleanArray", "ByteArray", "CharArray", "DoubleArray", - "FloatArray", "IntArray", "List", "LongArray", "Map", "ParcelableList", "StringArray", - "StringList", "TypedArray", "TypedList" - ] + ";;;Argument[-1];Argument[0];taint;manual" - or - // One Parcel method that aliases an argument to a return value - s = "android.os;Parcel;false;readParcelableList;;;Argument[0];ReturnValue;value;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll b/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll index bf47e98b8fb..df51d59063e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/ContentProviders.qll @@ -9,107 +9,3 @@ private import semmle.code.java.dataflow.ExternalFlow class ContentValues extends Class { ContentValues() { this.hasQualifiedName("android.content", "ContentValues") } } - -private class ContentProviderSourceModels extends SourceModelCsv { - override predicate row(string row) { - row = - [ - // ContentInterface models are here for backwards compatibility (it was removed in API 28) - "android.content;ContentInterface;true;call;(String,String,String,Bundle);;Parameter[0..3];contentprovider;manual", - "android.content;ContentProvider;true;call;(String,String,String,Bundle);;Parameter[0..3];contentprovider;manual", - "android.content;ContentProvider;true;call;(String,String,Bundle);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Parameter[0..2];contentprovider;manual", - "android.content;ContentInterface;true;delete;(Uri,Bundle);;Parameter[0..1];contentprovider;manual", - "android.content;ContentProvider;true;delete;(Uri,Bundle);;Parameter[0..1];contentprovider;manual", - "android.content;ContentInterface;true;getType;(Uri);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;getType;(Uri);;Parameter[0];contentprovider;manual", - "android.content;ContentInterface;true;insert;(Uri,ContentValues,Bundle);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;insert;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;insert;(Uri,ContentValues);;Parameter[0..1];contentprovider;manual", - "android.content;ContentInterface;true;openAssetFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;openAssetFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;openAssetFile;(Uri,String);;Parameter[0];contentprovider;manual", - "android.content;ContentInterface;true;openTypedAssetFile;(Uri,String,Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;openTypedAssetFile;(Uri,String,Bundle);;Parameter[0..2];contentprovider;manual", - "android.content;ContentInterface;true;openFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;openFile;(Uri,String,CancellationSignal);;Parameter[0];contentprovider;manual", - "android.content;ContentProvider;true;openFile;(Uri,String);;Parameter[0];contentprovider;manual", - "android.content;ContentInterface;true;query;(Uri,String[],Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;query;(Uri,String[],Bundle,CancellationSignal);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Parameter[0..4];contentprovider;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Parameter[0..4];contentprovider;manual", - "android.content;ContentInterface;true;update;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;update;(Uri,ContentValues,Bundle);;Parameter[0..2];contentprovider;manual", - "android.content;ContentProvider;true;update;(Uri,ContentValues,String,String[]);;Parameter[0..3];contentprovider;manual" - ] - } -} - -private class SummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "android.content;ContentValues;false;put;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.content;ContentValues;false;put;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.content;ContentValues;false;putAll;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "android.content;ContentValues;false;putAll;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "android.content;ContentResolver;true;acquireContentProviderClient;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;acquireUnstableContentProviderClient;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;applyBatch;;;Argument[1];ReturnValue;taint;manual", - "android.content;ContentResolver;true;call;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;canonicalize;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;getStreamTypes;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;getType;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;insert;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;query;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;uncanonicalize;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;wrap;;;Argument[0];ReturnValue;taint;manual", - // ContentProviderClient is tainted at its creation, not by its arguments - "android.content;ContentProviderClient;true;applyBatch;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;call;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;canonicalize;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;getLocalContentProvider;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;getStreamTypes;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;insert;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;query;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderClient;true;uncanonicalize;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;apply;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;apply;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;getUri;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;newAssertQuery;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;newCall;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;newDelete;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;newInsert;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;newUpdate;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;resolveExtrasBackReferences;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;resolveSelectionArgsBackReferences;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation;false;resolveValueBackReferences;;;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProviderOperation$Builder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ContentProviderOperation$Builder;false;withExceptionAllowed;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withExpectedCount;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withExtraBackReference;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withExtras;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withSelection;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withSelectionBackReference;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withValue;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withValueBackReference;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withValues;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderOperation$Builder;false;withYieldAllowed;;;Argument[-1];ReturnValue;value;manual", - "android.content;ContentProviderResult;false;ContentProviderResult;(Uri);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.uri];value;manual", - "android.content;ContentProviderResult;false;ContentProviderResult;(Bundle);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.extras];value;manual", - "android.content;ContentProviderResult;false;ContentProviderResult;(Throwable);;Argument[0];Argument[-1].Field[android.content.ContentProviderResult.exception];value;manual", - "android.content;ContentProviderResult;false;ContentProviderResult;(Parcel);;Argument[0];Argument[-1];taint;manual", - "android.database;Cursor;true;copyStringToBuffer;;;Argument[-1];Argument[1];taint;manual", - "android.database;Cursor;true;getBlob;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getColumnName;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getColumnNames;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getExtras;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getNotificationUri;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getNotificationUris;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;getString;;;Argument[-1];ReturnValue;taint;manual", - "android.database;Cursor;true;respond;;;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll b/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll index 1e6919c023b..7eb088a9514 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/ExternalStorage.qll @@ -5,21 +5,6 @@ private import semmle.code.java.security.FileReadWrite private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow -private class ExternalStorageDirSourceModel extends SourceModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "android.content;Context;true;getExternalFilesDir;(String);;ReturnValue;android-external-storage-dir;manual", - "android.content;Context;true;getExternalFilesDirs;(String);;ReturnValue;android-external-storage-dir;manual", - "android.content;Context;true;getExternalCacheDir;();;ReturnValue;android-external-storage-dir;manual", - "android.content;Context;true;getExternalCacheDirs;();;ReturnValue;android-external-storage-dir;manual", - "android.os;Environment;false;getExternalStorageDirectory;();;ReturnValue;android-external-storage-dir;manual", - "android.os;Environment;false;getExternalStoragePublicDirectory;(String);;ReturnValue;android-external-storage-dir;manual", - ] - } -} - private predicate externalStorageFlowStep(DataFlow::Node node1, DataFlow::Node node2) { DataFlow::localFlowStep(node1, node2) or diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll index e37e7f350b8..4f6e9e3f5e4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Intent.qll @@ -421,196 +421,3 @@ private class StartServiceIntentStep extends AdditionalValueStep { ) } } - -private class IntentBundleFlowSteps extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //"namespace;type;subtypes;name;signature;ext;input;output;kind" - "android.os;BaseBundle;true;get;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;BaseBundle;true;getString;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;BaseBundle;true;getString;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;BaseBundle;true;getString;(String,String);;Argument[1];ReturnValue;value;manual", - "android.os;BaseBundle;true;getStringArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;BaseBundle;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - "android.os;BaseBundle;true;putAll;(PersistableBundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putAll;(PersistableBundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "android.os;BaseBundle;true;putBoolean;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putBooleanArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putDouble;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putDoubleArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putInt;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putIntArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putLong;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putLongArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putString;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putString;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;BaseBundle;true;putStringArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;BaseBundle;true;putStringArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;false;Bundle;(Bundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "android.os;Bundle;false;Bundle;(Bundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "android.os;Bundle;false;Bundle;(PersistableBundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "android.os;Bundle;false;Bundle;(PersistableBundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;clone;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "android.os;Bundle;true;clone;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - // model for Bundle.deepCopy is not fully precise, as some map values aren't copied by value - "android.os;Bundle;true;deepCopy;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "android.os;Bundle;true;deepCopy;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "android.os;Bundle;true;getBinder;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getBundle;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getByteArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getCharArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getCharSequence;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getCharSequence;(String,CharSequence);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getCharSequence;(String,CharSequence);;Argument[1];ReturnValue;value;manual", - "android.os;Bundle;true;getCharSequenceArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getCharSequenceArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getParcelable;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getParcelableArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getParcelableArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getSerializable;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getSparseParcelableArray;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;getStringArrayList;(String);;Argument[-1].MapValue;ReturnValue;value;manual", - "android.os;Bundle;true;putAll;(Bundle);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putAll;(Bundle);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putBinder;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putBinder;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putBundle;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putBundle;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putByte;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putByteArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putByteArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putChar;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putCharArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putCharArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putCharSequence;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putCharSequence;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putCharSequenceArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putCharSequenceArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putCharSequenceArrayList;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putCharSequenceArrayList;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putFloat;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putFloatArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putIntegerArrayList;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putParcelable;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putParcelable;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putParcelableArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putParcelableArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putParcelableArrayList;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putParcelableArrayList;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putSerializable;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putSerializable;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putShort;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putShortArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putSize;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putSizeF;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putSparseParcelableArray;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putSparseParcelableArray;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;putStringArrayList;;;Argument[0];Argument[-1].MapKey;value;manual", - "android.os;Bundle;true;putStringArrayList;;;Argument[1];Argument[-1].MapValue;value;manual", - "android.os;Bundle;true;readFromParcel;;;Argument[0];Argument[-1].MapKey;taint;manual", - "android.os;Bundle;true;readFromParcel;;;Argument[0];Argument[-1].MapValue;taint;manual", - // currently only the Extras part of the intent and the data field are fully modeled - "android.content;Intent;false;Intent;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;false;Intent;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;false;Intent;(String,Uri);;Argument[1];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;false;Intent;(String,Uri,Context,Class);;Argument[1];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;true;addCategory;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;addFlags;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;false;createChooser;;;Argument[0..2];ReturnValue.SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;getBundleExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getByteArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getCharArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getCharSequenceArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getCharSequenceArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getCharSequenceExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getData;;;Argument[-1].SyntheticField[android.content.Intent.data];ReturnValue;value;manual", - "android.content;Intent;true;getDataString;;;Argument[-1].SyntheticField[android.content.Intent.data];ReturnValue;taint;manual", - "android.content;Intent;true;getExtras;();;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "android.content;Intent;false;getIntent;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual", - "android.content;Intent;false;getIntentOld;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual", - "android.content;Intent;true;getParcelableArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getParcelableArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getParcelableExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getSerializableExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getStringArrayExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getStringArrayListExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;true;getStringExtra;(String);;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;ReturnValue;value;manual", - "android.content;Intent;false;parseUri;;;Argument[0];ReturnValue.SyntheticField[android.content.Intent.data];taint;manual", - "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putCharSequenceArrayListExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putExtras;(Bundle);;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putExtras;(Bundle);;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putExtras;(Bundle);;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putExtras;(Intent);;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putIntegerArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putIntegerArrayListExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putParcelableArrayListExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;putStringArrayListExtra;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;putStringArrayListExtra;;;Argument[1];Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;putStringArrayListExtra;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;replaceExtras;(Bundle);;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;replaceExtras;(Bundle);;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;replaceExtras;(Bundle);;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;replaceExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.content;Intent;true;replaceExtras;(Intent);;Argument[0].SyntheticField[android.content.Intent.extras].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.content;Intent;true;replaceExtras;(Intent);;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setAction;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setClass;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setClassName;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setComponent;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setData;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setData;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;true;setDataAndNormalize;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setDataAndNormalize;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;true;setDataAndType;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setDataAndType;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;true;setDataAndTypeAndNormalize;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setDataAndTypeAndNormalize;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.data];value;manual", - "android.content;Intent;true;setFlags;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setIdentifier;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setPackage;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setType;;;Argument[-1];ReturnValue;value;manual", - "android.content;Intent;true;setTypeAndNormalize;;;Argument[-1];ReturnValue;value;manual" - ] - } -} - -private class IntentComponentTaintSteps extends SummaryModelCsv { - override predicate row(string s) { - s = - [ - "android.content;Intent;true;Intent;(Intent);;Argument[0];Argument[-1];taint;manual", - "android.content;Intent;true;Intent;(Context,Class);;Argument[1];Argument[-1];taint;manual", - "android.content;Intent;true;Intent;(String,Uri,Context,Class);;Argument[3];Argument[-1];taint;manual", - "android.content;Intent;true;getIntent;(String);;Argument[0];ReturnValue;taint;manual", - "android.content;Intent;true;getIntentOld;(String);;Argument[0];ReturnValue;taint;manual", - "android.content;Intent;true;parseUri;(String,int);;Argument[0];ReturnValue;taint;manual", - "android.content;Intent;true;setPackage;;;Argument[0];Argument[-1];taint;manual", - "android.content;Intent;true;setClass;;;Argument[1];Argument[-1];taint;manual", - "android.content;Intent;true;setClassName;(Context,String);;Argument[1];Argument[-1];taint;manual", - "android.content;Intent;true;setClassName;(String,String);;Argument[0..1];Argument[-1];taint;manual", - "android.content;Intent;true;setComponent;;;Argument[0];Argument[-1];taint;manual", - "android.content;ComponentName;false;ComponentName;(String,String);;Argument[0..1];Argument[-1];taint;manual", - "android.content;ComponentName;false;ComponentName;(Context,String);;Argument[1];Argument[-1];taint;manual", - "android.content;ComponentName;false;ComponentName;(Context,Class);;Argument[1];Argument[-1];taint;manual", - "android.content;ComponentName;false;ComponentName;(Parcel);;Argument[0];Argument[-1];taint;manual", - "android.content;ComponentName;false;createRelative;(String,String);;Argument[0..1];ReturnValue;taint;manual", - "android.content;ComponentName;false;createRelative;(Context,String);;Argument[1];ReturnValue;taint;manual", - "android.content;ComponentName;false;flattenToShortString;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ComponentName;false;flattenToString;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ComponentName;false;getClassName;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ComponentName;false;getPackageName;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ComponentName;false;getShortClassName;;;Argument[-1];ReturnValue;taint;manual", - "android.content;ComponentName;false;unflattenFromString;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll b/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll deleted file mode 100644 index 0f69f0bbe1d..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/android/Notifications.qll +++ /dev/null @@ -1,101 +0,0 @@ -/** Provides classes and predicates related to Android notifications. */ - -import java -private import semmle.code.java.dataflow.DataFlow -private import semmle.code.java.dataflow.ExternalFlow -private import semmle.code.java.dataflow.FlowSteps - -private class NotificationBuildersSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "android.app;Notification$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "android.app;Notification$Action;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "android.app;Notification$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "android.app;Notification$Action$Builder;true;Builder;(Icon,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "android.app;Notification$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$Action$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.app;Notification$Action$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.app;Notification$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual", - "android.app;Notification$Action$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.SyntheticField[android.content.Intent.extras];value;manual", - "android.app;Notification$Action$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "androidx.core.app;NotificationCompat$Action;true;Action;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Action;true;Action;(IconCompat,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Action;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(IconCompat,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;Builder;(Action);;Argument[0];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.SyntheticField[android.content.Intent.extras];value;manual", - "androidx.core.app;NotificationCompat$Action$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "android.app;Notification$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "android.app;Notification$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "android.app;Notification$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "android.app;Notification$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual", - "android.app;Notification$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.Field[android.app.Notification.extras];value;manual", - "android.app;Notification$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "android.app;Notification$Builder;true;recoverBuilder;;;Argument[1];ReturnValue;taint;manual", - "android.app;Notification$Builder;true;setActions;;;Argument[0].ArrayElement;Argument[-1];taint;manual", - "android.app;Notification$Builder;true;setExtras;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras];value;manual", - "android.app;Notification$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;addAction;(int,CharSequence,PendingIntent);;Argument[2];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;addAction;(Action);;Argument[0];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;addExtras;;;Argument[0].MapKey;Argument[-1].SyntheticField[android.content.Intent.extras].MapKey;value;manual", - "androidx.core.app;NotificationCompat$Builder;true;addExtras;;;Argument[0].MapValue;Argument[-1].SyntheticField[android.content.Intent.extras].MapValue;value;manual", - "androidx.core.app;NotificationCompat$Builder;true;build;;;Argument[-1];ReturnValue;taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;build;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue.Field[android.app.Notification.extras];value;manual", - "androidx.core.app;NotificationCompat$Builder;true;setContentIntent;;;Argument[0];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;getExtras;;;Argument[-1].SyntheticField[android.content.Intent.extras];ReturnValue;value;manual", - "androidx.core.app;NotificationCompat$Builder;true;setExtras;;;Argument[0];Argument[-1].SyntheticField[android.content.Intent.extras];value;manual", - "androidx.core.app;NotificationCompat$Builder;true;setDeleteIntent;;;Argument[0];Argument[-1];taint;manual", - "androidx.core.app;NotificationCompat$Builder;true;setPublicVersion;;;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$Style;true;build;;;Argument[-1];ReturnValue;taint;manual", - "android.app;Notification$BigPictureStyle;true;BigPictureStyle;(Builder);;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$BigTextStyle;true;BigTextStyle;(Builder);;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$InboxStyle;true;InboxStyle;(Builder);;Argument[0];Argument[-1];taint;manual", - "android.app;Notification$MediaStyle;true;MediaStyle;(Builder);;Argument[0];Argument[-1];taint;manual", - // Fluent models - ["android.app;Notification", "androidx.core.app;NotificationCompat"] + - "$Action$Builder;true;" + - [ - "addExtras", "addRemoteInput", "extend", "setAllowGeneratedReplies", - "setAuthenticationRequired", "setContextual", "setSemanticAction" - ] + ";;;Argument[-1];ReturnValue;value;manual", - ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$Builder;true;" + - [ - "addAction", "addExtras", "addPerson", "extend", "setActions", "setAutoCancel", - "setBadgeIconType", "setBubbleMetadata", "setCategory", "setChannelId", - "setChronometerCountDown", "setColor", "setColorized", "setContent", "setContentInfo", - "setContentIntent", "setContentText", "setContentTitle", "setCustomBigContentView", - "setCustomHeadsUpContentView", "setDefaults", "setDeleteIntent", "setExtras", "setFlag", - "setForegroundServiceBehavior", "setFullScreenIntent", "setGroup", - "setGroupAlertBehavior", "setGroupSummary", "setLargeIcon", "setLights", "setLocalOnly", - "setLocusId", "setNumber", "setOngoing", "setOnlyAlertOnce", "setPriority", - "setProgress", "setPublicVersion", "setRemoteInputHistory", "setSettingsText", - "setShortcutId", "setShowWhen", "setSmallIcon", "setSortKey", "setSound", "setStyle", - "setSubText", "setTicker", "setTimeoutAfter", "setUsesChronometer", "setVibrate", - "setVisibility", "setWhen" - ] + ";;;Argument[-1];ReturnValue;value;manual", - ["android.app;Notification", "androidx.core.app;NotificationCompat"] + - "$BigPictureStyle;true;" + - [ - "bigLargeIcon", "bigPicture", "setBigContentTitle", "setContentDescription", - "setSummaryText", "showBigPictureWhenCollapsed" - ] + ";;;Argument[-1];ReturnValue;value;manual", - ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$BigTextStyle;true;" - + ["bigText", "setBigContentTitle", "setSummaryText"] + - ";;;Argument[-1];ReturnValue;value;manual", - ["android.app;Notification", "androidx.core.app;NotificationCompat"] + "$InboxStyle;true;" + - ["addLine", "setBigContentTitle", "setSummaryText"] + - ";;;Argument[-1];ReturnValue;value;manual", - "android.app;Notification$MediaStyle;true;" + - ["setMediaSession", "setShowActionsInCompactView"] + - ";;;Argument[-1];ReturnValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll index 5f1c1b19171..eb6765de9e4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/SQLite.qll @@ -41,138 +41,3 @@ class TypeSQLiteOpenHelper extends Class { class TypeSQLiteStatement extends Class { TypeSQLiteStatement() { this.hasQualifiedName("android.database.sqlite", "SQLiteStatement") } } - -private class SQLiteSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;spec;kind" - "android.database.sqlite;SQLiteDatabase;false;compileStatement;(String);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;execSQL;(String);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;execSQL;(String,Object[]);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;execPerConnectionSQL;(String,Object[]);;Argument[0];sql;manual", - // query(boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit) - // query(boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal) - // query(String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit) - // query(String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy) - // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit, CancellationSignal cancellationSignal) - // queryWithFactory(SQLiteDatabase.CursorFactory cursorFactory, boolean distinct, String table, String[] columns, String selection, String[] selectionArgs, String groupBy, String having, String orderBy, String limit) - // Each String / String[] arg except for selectionArgs is a sink - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String,String);;Argument[4..7];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[0..2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(String,String[],String,String[],String,String,String);;Argument[4..6];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String);;Argument[5..8];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;query;(boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[5..8];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[3];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[4];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String);;Argument[6..9];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[3];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;queryWithFactory;(CursorFactory,boolean,String,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[6..9];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;rawQuery;(String,String[]);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;rawQuery;(String,String[],CancellationSignal);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;rawQueryWithFactory;(CursorFactory,String,String[],String);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;rawQueryWithFactory;(CursorFactory,String,String[],String,CancellationSignal);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;delete;(String,String,String[]);;Argument[0..1];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;update;(String,ContentValues,String,String[]);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;update;(String,ContentValues,String,String[]);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;updateWithOnConflict;(String,ContentValues,String,String[],int);;Argument[0];sql;manual", - "android.database.sqlite;SQLiteDatabase;false;updateWithOnConflict;(String,ContentValues,String,String[],int);;Argument[2];sql;manual", - "android.database;DatabaseUtils;false;longForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual", - "android.database;DatabaseUtils;false;stringForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual", - "android.database;DatabaseUtils;false;blobFileDescriptorForQuery;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual", - "android.database;DatabaseUtils;false;createDbFromSqlStatements;(Context,String,int,String);;Argument[3];sql;manual", - "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String);;Argument[1];sql;manual", - "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String,String);;Argument[1..2];sql;manual", - "android.database;DatabaseUtils;false;queryNumEntries;(SQLiteDatabase,String,String,String[]);;Argument[1..2];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;delete;(SQLiteDatabase,String,String[]);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;delete;(SQLiteDatabase,String,String[]);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;insert;(SQLiteDatabase,ContentValues);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;update;(SQLiteDatabase,ContentValues,String,String[]);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;update;(SQLiteDatabase,ContentValues,String,String[]);;Argument[2];sql;manual", - // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder) - // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit) - // query(SQLiteDatabase db, String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit, CancellationSignal cancellationSignal) - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String);;Argument[4..6];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String);;Argument[4..7];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[-1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[1];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[2];sql;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;query;(SQLiteDatabase,String[],String,String[],String,String,String,String,CancellationSignal);;Argument[4..7];sql;manual", - "android.content;ContentProvider;true;delete;(Uri,String,String[]);;Argument[1];sql;manual", - "android.content;ContentProvider;true;update;(Uri,ContentValues,String,String[]);;Argument[2];sql;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[2];sql;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Argument[2];sql;manual", - "android.content;ContentResolver;true;delete;(Uri,String,String[]);;Argument[1];sql;manual", - "android.content;ContentResolver;true;update;(Uri,ContentValues,String,String[]);;Argument[2];sql;manual", - "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[2];sql;manual", - "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String);;Argument[2];sql;manual" - ] - } -} - -private class SqlFlowStep extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind", - // buildQuery(String[] projectionIn, String selection, String groupBy, String having, String sortOrder, String limit) - // buildQuery(String[] projectionIn, String selection, String[] selectionArgs, String groupBy, String having, String sortOrder, String limit) - // buildUnionQuery(String[] subQueries, String sortOrder, String limit) - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[-1];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String,String,String,String);;Argument[1..5];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[-1];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[1];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQuery;(String[],String,String[],String,String,String,String);;Argument[3..6];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[-1];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionQuery;(String[],String,String);;Argument[1..2];ReturnValue;taint;manual", - // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String[] selectionArgs, String groupBy, String having) - // buildUnionSubQuery(String typeDiscriminatorColumn, String[] unionColumns, Set columnsPresentInTable, int computedColumnsOffset, String typeDiscriminatorValue, String selection, String groupBy, String having) - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[-1..0];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[2].Element;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[4..5];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String[],String,String);;Argument[7..8];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[-1..0];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[2].Element;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildUnionSubQuery;(String,String[],Set,int,String,String,String,String);;Argument[4..7];ReturnValue;taint;manual", - // static buildQueryString(boolean distinct, String tables, String[] columns, String where, String groupBy, String having, String orderBy, String limit) - "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[1];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[2].ArrayElement;ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;buildQueryString;(boolean,String,String[],String,String,String,String,String);;Argument[3..7];ReturnValue;taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map);;Argument[0].MapKey;Argument[-1];taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;setProjectionMap;(Map);;Argument[0].MapValue;Argument[-1];taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;setTables;(String);;Argument[0];Argument[-1];taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;appendWhere;(CharSequence);;Argument[0];Argument[-1];taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;appendWhereStandalone;(CharSequence);;Argument[0];Argument[-1];taint;manual", - "android.database.sqlite;SQLiteQueryBuilder;true;appendColumns;(StringBuilder,String[]);;Argument[1].ArrayElement;Argument[0];taint;manual", - "android.database;DatabaseUtils;false;appendSelectionArgs;(String[],String[]);;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;taint;manual", - "android.database;DatabaseUtils;false;concatenateWhere;(String,String);;Argument[0..1];ReturnValue;taint;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint;manual", - "android.content;ContentProvider;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String);;Argument[0];ReturnValue;taint;manual", - "android.content;ContentResolver;true;query;(Uri,String[],String,String[],String,CancellationSignal);;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll index 8a5c455fedd..99131155151 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/SharedPreferences.qll @@ -56,19 +56,3 @@ class StoreSharedPreferenceMethod extends Method { this.hasName(["commit", "apply"]) } } - -private class SharedPreferencesSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "android.content;SharedPreferences$Editor;true;clear;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putBoolean;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putFloat;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putInt;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putLong;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putString;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;putStringSet;;;Argument[-1];ReturnValue;value;manual", - "android.content;SharedPreferences$Editor;true;remove;;;Argument[-1];ReturnValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll b/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll index b787f0ad282..393a543bbfb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Slice.qll @@ -39,87 +39,3 @@ private class SliceActionsInheritTaint extends DataFlow::SyntheticFieldContent, TaintInheritingContent { SliceActionsInheritTaint() { this.getField() = "androidx.slice.Slice.action" } } - -private class SliceBuildersSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "androidx.slice.builders;ListBuilder;true;addAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addGridRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addInputRange;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addRange;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addRating;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;addSelection;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;setHeader;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;setSeeMoreAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;setSeeMoreRow;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder;true;build;;;Argument[-1].SyntheticField[androidx.slice.Slice.action];ReturnValue;taint;manual", - "androidx.slice.builders;ListBuilder$HeaderBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;addEndItem;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setInputAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RangeBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RatingBuilder;true;setInputAction;(PendingIntent);;Argument[0];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RatingBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction,boolean);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;addEndItem;(SliceAction);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;setPrimaryAction;;;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction,boolean);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;setTitleItem;(SliceAction);;Argument[0].SyntheticField[androidx.slice.Slice.action];Argument[-1].SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;SliceAction;true;create;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;SliceAction;true;createDeeplink;(PendingIntent,IconCompat,int,CharSequence);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;SliceAction;true;createToggle;(PendingIntent,CharSequence,boolean);;Argument[0];ReturnValue.SyntheticField[androidx.slice.Slice.action];taint;manual", - "androidx.slice.builders;SliceAction;true;getAction;;;Argument[-1].SyntheticField[androidx.slice.Slice.action];ReturnValue;taint;manual", - // Fluent models - "androidx.slice.builders;ListBuilder;true;" + - [ - "addAction", "addGridRow", "addInputRange", "addRange", "addRating", "addRow", - "addSelection", "setAccentColor", "setHeader", "setHostExtras", "setIsError", - "setKeywords", "setLayoutDirection", "setSeeMoreAction", "setSeeMoreRow" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;ListBuilder$HeaderBuilder;true;" + - [ - "setContentDescription", "setLayoutDirection", "setPrimaryAction", "setSubtitle", - "setSummary", "setTitle" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;ListBuilder$InputRangeBuilder;true;" + - [ - "addEndItem", "setContentDescription", "setInputAction", "setLayoutDirection", "setMax", - "setMin", "setPrimaryAction", "setSubtitle", "setThumb", "setTitle", "setTitleItem", - "setValue" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;ListBuilder$RangeBuilder;true;" + - [ - "setContentDescription", "setMax", "setMode", "setPrimaryAction", "setSubtitle", - "setTitle", "setTitleItem", "setValue" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;ListBuilder$RatingBuilder;true;" + - [ - "setContentDescription", "setInputAction", "setMax", "setMin", "setPrimaryAction", - "setSubtitle", "setTitle", "setTitleItem", "setValue" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;ListBuilder$RowBuilder;true;" + - [ - "addEndItem", "setContentDescription", "setEndOfSection", "setLayoutDirection", - "setPrimaryAction", "setSubtitle", "setTitle", "setTitleItem" - ] + ";;;Argument[-1];ReturnValue;value;manual", - "androidx.slice.builders;SliceAction;true;" + - ["setChecked", "setContentDescription", "setPriority"] + - ";;;Argument[-1];ReturnValue;value;manual" - ] - } -} - -private class SliceProviderSourceModels extends SourceModelCsv { - override predicate row(string row) { - row = - [ - "androidx.slice;SliceProvider;true;onBindSlice;;;Parameter[0];contentprovider;manual", - "androidx.slice;SliceProvider;true;onCreatePermissionRequest;;;Parameter[0];contentprovider;manual", - "androidx.slice;SliceProvider;true;onMapIntentToUri;;;Parameter[0];contentprovider;manual", - "androidx.slice;SliceProvider;true;onSlicePinned;;;Parameter[0];contentprovider;manual", - "androidx.slice;SliceProvider;true;onSliceUnpinned;;;Parameter[0];contentprovider;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll index e66852e8e2e..81c34179c15 100644 --- a/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll +++ b/java/ql/lib/semmle/code/java/frameworks/android/Widget.qll @@ -4,12 +4,6 @@ import java private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.FlowSources -private class AndroidWidgetSourceModels extends SourceModelCsv { - override predicate row(string row) { - row = "android.widget;EditText;true;getText;;;ReturnValue;android-widget;manual" - } -} - private class DefaultAndroidWidgetSources extends RemoteFlowSource { DefaultAndroidWidgetSources() { sourceNode(this, "android-widget") } @@ -35,9 +29,3 @@ private class EditableToStringStep extends AdditionalTaintStep { ) } } - -private class AndroidWidgetSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = "android.widget;EditText;true;getText;;;Argument[-1];ReturnValue;taint;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll b/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll deleted file mode 100644 index c324d22a605..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/android/XssSinks.qll +++ /dev/null @@ -1,16 +0,0 @@ -/** Provides XSS sink models relating to the `android.webkit.WebView` class. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -/** CSV sink models representing methods susceptible to XSS attacks. */ -private class DefaultXssSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "android.webkit;WebView;false;loadData;;;Argument[0];xss;manual", - "android.webkit;WebView;false;loadDataWithBaseURL;;;Argument[1];xss;manual", - "android.webkit;WebView;false;evaluateJavascript;;;Argument[0];xss;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll index 4eb7f644233..6f8158b6c66 100644 --- a/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll +++ b/java/ql/lib/semmle/code/java/frameworks/apache/Collections.qll @@ -29,1163 +29,3 @@ class MethodApacheCollectionsIsNotEmpty extends Method { this.hasName("isNotEmpty") } } - -/** - * Value-propagating models for classes in the package `org.apache.commons.collections4`. - */ -private class ApacheCollectionsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should model things relating to Closure, Factory, Transformer, FluentIterable.forEach, FluentIterable.transform - ";ArrayStack;true;peek;;;Argument[-1].Element;ReturnValue;value;manual", - ";ArrayStack;true;pop;;;Argument[-1].Element;ReturnValue;value;manual", - ";ArrayStack;true;push;;;Argument[0];Argument[-1].Element;value;manual", - ";ArrayStack;true;push;;;Argument[0];ReturnValue;value;manual", - ";Bag;true;add;;;Argument[0];Argument[-1].Element;value;manual", - ";Bag;true;uniqueSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";BidiMap;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";BidiMap;true;removeValue;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";BidiMap;true;inverseBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - ";BidiMap;true;inverseBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - ";FluentIterable;true;append;(Object[]);;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;append;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";FluentIterable;true;append;(Iterable);;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;append;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;asEnumeration;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;collate;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;collate;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;copyInto;;;Argument[-1].Element;Argument[0].Element;value;manual", - ";FluentIterable;true;eval;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;filter;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;get;;;Argument[-1].Element;ReturnValue;value;manual", - ";FluentIterable;true;limit;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;loop;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;of;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;of;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";FluentIterable;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual", - ";FluentIterable;true;reverse;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;skip;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;toArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - ";FluentIterable;true;toList;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;unique;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;unmodifiable;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;zip;(Iterable);;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;zip;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;zip;(Iterable[]);;Argument[-1].Element;ReturnValue.Element;value;manual", - ";FluentIterable;true;zip;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - ";Get;true;entrySet;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual", - ";Get;true;entrySet;;;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual", - ";Get;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual", - ";Get;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ";Get;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - ";Get;true;remove;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - ";IterableGet;true;mapIterator;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ";IterableGet;true;mapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ";KeyValue;true;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";KeyValue;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - // Note that MapIterator implements Iterator, so it iterates over the keys of the map. - // In order for the models of Iterator to work we have to use Element instead of MapKey for key data. - ";MapIterator;true;getKey;;;Argument[-1].Element;ReturnValue;value;manual", - ";MapIterator;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - ";MapIterator;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - ";MapIterator;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual", - ";MultiMap;true;get;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiMap;true;put;;;Argument[0];Argument[-1].MapKey;value;manual", - ";MultiMap;true;put;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - ";MultiMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiSet$Entry;true;getElement;;;Argument[-1].Element;ReturnValue;value;manual", - ";MultiSet;true;add;;;Argument[0];Argument[-1].Element;value;manual", - ";MultiSet;true;uniqueSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";MultiSet;true;entrySet;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual", - ";MultiValuedMap;true;asMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ";MultiValuedMap;true;asMap;;;Argument[-1].MapValue.Element;ReturnValue.MapValue.Element;value;manual", - ";MultiValuedMap;true;entries;;;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual", - ";MultiValuedMap;true;entries;;;Argument[-1].MapValue.Element;ReturnValue.Element.MapValue;value;manual", - ";MultiValuedMap;true;get;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiValuedMap;true;keys;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ";MultiValuedMap;true;keySet;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ";MultiValuedMap;true;mapIterator;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ";MultiValuedMap;true;mapIterator;;;Argument[-1].MapValue.Element;ReturnValue.MapValue;value;manual", - ";MultiValuedMap;true;put;;;Argument[0];Argument[-1].MapKey;value;manual", - ";MultiValuedMap;true;put;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - ";MultiValuedMap;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual", - ";MultiValuedMap;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual", - ";MultiValuedMap;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ";MultiValuedMap;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - ";MultiValuedMap;true;putAll;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ";MultiValuedMap;true;putAll;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - ";MultiValuedMap;true;remove;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiValuedMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ";OrderedIterator;true;previous;;;Argument[-1].Element;ReturnValue;value;manual", - ";OrderedMap;true;firstKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";OrderedMap;true;lastKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";OrderedMap;true;nextKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";OrderedMap;true;previousKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ";Put;true;put;;;Argument[-1].MapValue;ReturnValue;value;manual", - ";Put;true;put;;;Argument[0];Argument[-1].MapKey;value;manual", - ";Put;true;put;;;Argument[1];Argument[-1].MapValue;value;manual", - ";Put;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ";Put;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ";SortedBag;true;first;;;Argument[-1].Element;ReturnValue;value;manual", - ";SortedBag;true;last;;;Argument[-1].Element;ReturnValue;value;manual", - ";Trie;true;prefixMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ";Trie;true;prefixMap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -// Note that when lambdas are supported we should model the package `org.apache.commons.collections4.functors`, -// and when more general callable flow is supported we should model the package -// `org.apache.commons.collections4.sequence`. -/** - * Value-propagating models for classes in the package `org.apache.commons.collections4.keyvalue`. - */ -private class ApacheKeyValueModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ".keyvalue;AbstractKeyValue;true;AbstractKeyValue;;;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;AbstractKeyValue;true;AbstractKeyValue;;;Argument[1];Argument[-1].MapValue;value;manual", - ".keyvalue;AbstractKeyValue;true;setKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ".keyvalue;AbstractKeyValue;true;setKey;;;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;AbstractKeyValue;true;setValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - ".keyvalue;AbstractKeyValue;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual", - ".keyvalue;AbstractMapEntry;true;AbstractMapEntry;;;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;AbstractMapEntry;true;AbstractMapEntry;;;Argument[1];Argument[-1].MapValue;value;manual", - ".keyvalue;AbstractMapEntryDecorator;true;AbstractMapEntryDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;AbstractMapEntryDecorator;true;AbstractMapEntryDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;AbstractMapEntryDecorator;true;getMapEntry;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ".keyvalue;AbstractMapEntryDecorator;true;getMapEntry;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultKeyValue;true;DefaultKeyValue;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;DefaultKeyValue;true;toMapEntry;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ".keyvalue;DefaultKeyValue;true;toMapEntry;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;DefaultMapEntry;true;DefaultMapEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object[]);;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object[],boolean);;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object);;Argument[0];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object);;Argument[1];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object);;Argument[3];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[0];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[1];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[2];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[3];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;MultiKey;(Object,Object,Object,Object,Object);;Argument[4];Argument[-1].Element;value;manual", - ".keyvalue;MultiKey;true;getKeys;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - ".keyvalue;MultiKey;true;getKey;;;Argument[-1].Element;ReturnValue;value;manual", - ".keyvalue;TiedMapEntry;true;TiedMapEntry;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;TiedMapEntry;true;TiedMapEntry;;;Argument[1];Argument[-1].MapKey;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".keyvalue;UnmodifiableMapEntry;true;UnmodifiableMapEntry;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for classes in the package `org.apache.commons.collections4.bag`. - */ -private class ApacheBagModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedBag, TransformedSortedBag - ".bag;AbstractBagDecorator;true;AbstractBagDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;AbstractMapBag;true;AbstractMapBag;;;Argument[0].MapKey;Argument[-1].Element;value;manual", - ".bag;AbstractMapBag;true;getMap;;;Argument[-1].Element;ReturnValue.MapKey;value;manual", - ".bag;AbstractSortedBagDecorator;true;AbstractSortedBagDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;CollectionBag;true;CollectionBag;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;CollectionBag;true;collectionBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;CollectionSortedBag;true;CollectionSortedBag;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;CollectionSortedBag;true;collectionSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;HashBag;true;HashBag;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;PredicatedBag;true;predicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;PredicatedSortedBag;true;predicatedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;SynchronizedBag;true;synchronizedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;SynchronizedSortedBag;true;synchronizedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;TransformedBag;true;transformedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;TransformedSortedBag;true;transformedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;TreeBag;true;TreeBag;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".bag;UnmodifiableBag;true;unmodifiableBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".bag;UnmodifiableSortedBag;true;unmodifiableSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for classes in the package `org.apache.commons.collections4.bidimap`. - */ -private class ApacheBidiMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ".bidimap;AbstractBidiMapDecorator;true;AbstractBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractBidiMapDecorator;true;AbstractBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[1].MapKey;Argument[-1].MapValue;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[1].MapValue;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[2].MapKey;Argument[-1].MapValue;value;manual", - ".bidimap;AbstractDualBidiMap;true;AbstractDualBidiMap;;;Argument[2].MapValue;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractOrderedBidiMapDecorator;true;AbstractOrderedBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractOrderedBidiMapDecorator;true;AbstractOrderedBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;AbstractSortedBidiMapDecorator;true;AbstractSortedBidiMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;AbstractSortedBidiMapDecorator;true;AbstractSortedBidiMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;DualHashBidiMap;true;DualHashBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;DualHashBidiMap;true;DualHashBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;DualLinkedHashBidiMap;true;DualLinkedHashBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;DualLinkedHashBidiMap;true;DualLinkedHashBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;DualTreeBidiMap;true;DualTreeBidiMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;DualTreeBidiMap;true;DualTreeBidiMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;DualTreeBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - ".bidimap;DualTreeBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - ".bidimap;DualTreeBidiMap;true;inverseSortedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - ".bidimap;DualTreeBidiMap;true;inverseSortedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - ".bidimap;TreeBidiMap;true;TreeBidiMap;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".bidimap;TreeBidiMap;true;TreeBidiMap;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".bidimap;UnmodifiableBidiMap;true;unmodifiableBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".bidimap;UnmodifiableBidiMap;true;unmodifiableBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".bidimap;UnmodifiableOrderedBidiMap;true;unmodifiableOrderedBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".bidimap;UnmodifiableOrderedBidiMap;true;unmodifiableOrderedBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".bidimap;UnmodifiableOrderedBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - ".bidimap;UnmodifiableOrderedBidiMap;true;inverseOrderedBidiMap;;;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - ".bidimap;UnmodifiableSortedBidiMap;true;unmodifiableSortedBidiMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".bidimap;UnmodifiableSortedBidiMap;true;unmodifiableSortedBidiMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for classes in the package `org.apache.commons.collections4.collection`. - */ -private class ApacheCollectionModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedCollection - ".collection;AbstractCollectionDecorator;true;AbstractCollectionDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;AbstractCollectionDecorator;true;decorated;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;AbstractCollectionDecorator;true;setCollection;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection$CollectionMutator;true;add;;;Argument[2];Argument[0].Element;value;manual", - ".collection;CompositeCollection$CollectionMutator;true;add;;;Argument[2];Argument[1].Element.Element;value;manual", - ".collection;CompositeCollection$CollectionMutator;true;addAll;;;Argument[2].Element;Argument[0].Element;value;manual", - ".collection;CompositeCollection$CollectionMutator;true;addAll;;;Argument[2].Element;Argument[1].Element.Element;value;manual", - ".collection;CompositeCollection;true;CompositeCollection;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;CompositeCollection;(Collection,Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;CompositeCollection;(Collection,Collection);;Argument[1].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;CompositeCollection;(Collection[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;addComposited;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;addComposited;(Collection,Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;addComposited;(Collection,Collection);;Argument[1].Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;addComposited;(Collection[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".collection;CompositeCollection;true;toCollection;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;CompositeCollection;true;getCollections;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual", - ".collection;IndexedCollection;true;IndexedCollection;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;IndexedCollection;true;uniqueIndexedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;IndexedCollection;true;nonUniqueIndexedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;IndexedCollection;true;get;;;Argument[-1].Element;ReturnValue;value;manual", - ".collection;IndexedCollection;true;values;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;add;;;Argument[0];Argument[-1].Element;value;manual", - ".collection;PredicatedCollection$Builder;true;addAll;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedList;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedMultiSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedBag;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedQueue;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;createPredicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection$Builder;true;rejectedElements;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".collection;PredicatedCollection;true;predicatedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;SynchronizedCollection;true;synchronizedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;TransformedCollection;true;transformingCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;UnmodifiableBoundedCollection;true;unmodifiableBoundedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".collection;UnmodifiableCollection;true;unmodifiableCollection;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.iterators`. - */ -private class ApacheIteratorsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformIterator - ".iterators;AbstractIteratorDecorator;true;AbstractIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;AbstractListIteratorDecorator;true;AbstractListIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;AbstractListIteratorDecorator;true;getListIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;AbstractMapIteratorDecorator;true;AbstractMapIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;AbstractMapIteratorDecorator;true;AbstractMapIteratorDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".iterators;AbstractMapIteratorDecorator;true;getMapIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;AbstractMapIteratorDecorator;true;getMapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".iterators;AbstractOrderedMapIteratorDecorator;true;AbstractOrderedMapIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;AbstractOrderedMapIteratorDecorator;true;AbstractOrderedMapIteratorDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".iterators;AbstractOrderedMapIteratorDecorator;true;getOrderedMapIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;AbstractOrderedMapIteratorDecorator;true;getOrderedMapIterator;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".iterators;AbstractUntypedIteratorDecorator;true;AbstractUntypedIteratorDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;AbstractUntypedIteratorDecorator;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;ArrayIterator;true;ArrayIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".iterators;ArrayIterator;true;getArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - ".iterators;ArrayListIterator;true;ArrayListIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".iterators;BoundedIterator;true;BoundedIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator,Iterator);;Argument[2].Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Iterator[]);;Argument[1].ArrayElement.Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;CollatingIterator;(Comparator,Collection);;Argument[1].Element.Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;addIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;setIterator;;;Argument[1].Element;Argument[-1].Element;value;manual", - ".iterators;CollatingIterator;true;getIterators;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual", - ".iterators;EnumerationIterator;true;EnumerationIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;EnumerationIterator;true;getEnumeration;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;EnumerationIterator;true;setEnumeration;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;FilterIterator;true;FilterIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;FilterIterator;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;FilterIterator;true;setIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;FilterListIterator;true;FilterListIterator;(ListIterator);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;FilterListIterator;true;FilterListIterator;(ListIterator,Predicate);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;FilterListIterator;true;getListIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;FilterListIterator;true;setListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;IteratorChain;(Iterator);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;IteratorChain;(Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;IteratorChain;(Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;IteratorChain;(Iterator[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;IteratorChain;(Collection);;Argument[0].Element.Element;Argument[-1].Element;value;manual", - ".iterators;IteratorChain;true;addIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorEnumeration;true;IteratorEnumeration;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorEnumeration;true;getIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".iterators;IteratorEnumeration;true;setIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;IteratorIterable;true;IteratorIterable;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;ListIteratorWrapper;true;ListIteratorWrapper;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;LoopingIterator;true;LoopingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;LoopingListIterator;true;LoopingListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;ObjectArrayIterator;true;ObjectArrayIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".iterators;ObjectArrayIterator;true;getArray;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - ".iterators;ObjectArrayListIterator;true;ObjectArrayListIterator;;;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - ".iterators;PeekingIterator;true;PeekingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;PeekingIterator;true;peekingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;PeekingIterator;true;peek;;;Argument[-1].Element;ReturnValue;value;manual", - ".iterators;PeekingIterator;true;element;;;Argument[-1].Element;ReturnValue;value;manual", - ".iterators;PermutationIterator;true;PermutationIterator;;;Argument[0].Element;Argument[-1].Element.Element;value;manual", - ".iterators;PushbackIterator;true;PushbackIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;PushbackIterator;true;pushbackIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;PushbackIterator;true;pushback;;;Argument[0];Argument[-1].Element;value;manual", - ".iterators;ReverseListIterator;true;ReverseListIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;SingletonIterator;true;SingletonIterator;;;Argument[0];Argument[-1].Element;value;manual", - ".iterators;SingletonListIterator;true;SingletonListIterator;;;Argument[0];Argument[-1].Element;value;manual", - ".iterators;SkippingIterator;true;SkippingIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;UniqueFilterIterator;true;UniqueFilterIterator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;UnmodifiableIterator;true;unmodifiableIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;UnmodifiableListIterator;true;umodifiableListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;UnmodifiableMapIterator;true;unmodifiableMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;UnmodifiableMapIterator;true;unmodifiableMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".iterators;UnmodifiableOrderedMapIterator;true;unmodifiableOrderedMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".iterators;UnmodifiableOrderedMapIterator;true;unmodifiableOrderedMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[0].Element;Argument[-1].Element;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[1].Element;Argument[-1].Element;value;manual", - ".iterators;ZippingIterator;true;ZippingIterator;(Iterator,Iterator,Iterator);;Argument[2].Element;Argument[-1].Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.list`. - */ -private class ApacheListModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedList - ".list;AbstractLinkedList;true;AbstractLinkedList;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;AbstractLinkedList;true;getFirst;;;Argument[-1].Element;ReturnValue;value;manual", - ".list;AbstractLinkedList;true;getLast;;;Argument[-1].Element;ReturnValue;value;manual", - ".list;AbstractLinkedList;true;addFirst;;;Argument[0];Argument[-1].Element;value;manual", - ".list;AbstractLinkedList;true;addLast;;;Argument[0];Argument[-1].Element;value;manual", - ".list;AbstractLinkedList;true;removeFirst;;;Argument[-1].Element;ReturnValue;value;manual", - ".list;AbstractLinkedList;true;removeLast;;;Argument[-1].Element;ReturnValue;value;manual", - ".list;AbstractListDecorator;true;AbstractListDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;AbstractSerializableListDecorator;true;AbstractSerializableListDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;CursorableLinkedList;true;CursorableLinkedList;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;CursorableLinkedList;true;cursor;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".list;FixedSizeList;true;fixedSizeList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;GrowthList;true;growthList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;LazyList;true;lazyList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;NodeCachingLinkedList;true;NodeCachingLinkedList;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;PredicatedList;true;predicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;SetUniqueList;true;setUniqueList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;SetUniqueList;true;asSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".list;TransformedList;true;transformingList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".list;TreeList;true;TreeList;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;UnmodifiableList;true;UnmodifiableList;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".list;UnmodifiableList;true;unmodifiableList;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.map`. - */ -private class ApacheMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for DefaultedMap, LazyMap, TransformedMap, TransformedSortedMap - ".map;AbstractHashedMap;true;AbstractHashedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;AbstractHashedMap;true;AbstractHashedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;AbstractLinkedMap;true;AbstractLinkedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;AbstractLinkedMap;true;AbstractLinkedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;AbstractMapDecorator;true;AbstractMapDecorator;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;AbstractMapDecorator;true;AbstractMapDecorator;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;AbstractMapDecorator;true;decorated;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ".map;AbstractMapDecorator;true;decorated;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".map;AbstractOrderedMapDecorator;true;AbstractOrderedMapDecorator;(OrderedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;AbstractOrderedMapDecorator;true;AbstractOrderedMapDecorator;(OrderedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;AbstractSortedMapDecorator;true;AbstractSortedMapDecorator;(SortedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;AbstractSortedMapDecorator;true;AbstractSortedMapDecorator;(SortedMap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;CaseInsensitiveMap;true;CaseInsensitiveMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;CaseInsensitiveMap;true;CaseInsensitiveMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[1].MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map,Map,MapMutator);;Argument[1].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map[]);;Argument[0].ArrayElement.MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map[]);;Argument[0].ArrayElement.MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map[],MapMutator);;Argument[0].ArrayElement.MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;CompositeMap;(Map[],MapMutator);;Argument[0].ArrayElement.MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;addComposited;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;CompositeMap;true;addComposited;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;CompositeMap;true;removeComposited;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ".map;CompositeMap;true;removeComposited;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".map;CompositeMap;true;removeComposited;;;Argument[0];ReturnValue;value;manual", - ".map;DefaultedMap;true;DefaultedMap;(Object);;Argument[0];Argument[-1].MapValue;value;manual", - ".map;DefaultedMap;true;defaultedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;DefaultedMap;true;defaultedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;DefaultedMap;true;defaultedMap;(Map,Object);;Argument[1];ReturnValue.MapValue;value;manual", - ".map;EntrySetToMapIteratorAdapter;true;EntrySetToMapIteratorAdapter;;;Argument[0].Element.MapKey;Argument[-1].Element;value;manual", - ".map;EntrySetToMapIteratorAdapter;true;EntrySetToMapIteratorAdapter;;;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual", - ".map;FixedSizeMap;true;fixedSizeMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;FixedSizeMap;true;fixedSizeMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;FixedSizeSortedMap;true;fixedSizeSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;FixedSizeSortedMap;true;fixedSizeSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;Flat3Map;true;Flat3Map;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;Flat3Map;true;Flat3Map;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;HashedMap;true;HashedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;HashedMap;true;HashedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;LazyMap;true;lazyMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;LazyMap;true;lazyMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;LazySortedMap;true;lazySortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;LazySortedMap;true;lazySortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;LinkedMap;true;LinkedMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;LinkedMap;true;LinkedMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;LinkedMap;true;get;(int);;Argument[-1].MapKey;ReturnValue;value;manual", - ".map;LinkedMap;true;getValue;(int);;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;LinkedMap;true;remove;(int);;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;LinkedMap;true;asList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ".map;ListOrderedMap;true;listOrderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;ListOrderedMap;true;listOrderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;ListOrderedMap;true;putAll;;;Argument[1].MapKey;Argument[-1].MapKey;value;manual", - ".map;ListOrderedMap;true;putAll;;;Argument[1].MapValue;Argument[-1].MapValue;value;manual", - ".map;ListOrderedMap;true;keyList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ".map;ListOrderedMap;true;valueList;;;Argument[-1].MapValue;ReturnValue.Element;value;manual", - ".map;ListOrderedMap;true;get;(int);;Argument[-1].MapKey;ReturnValue;value;manual", - ".map;ListOrderedMap;true;getValue;(int);;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;ListOrderedMap;true;setValue;;;Argument[1];Argument[-1].MapValue;value;manual", - ".map;ListOrderedMap;true;put;;;Argument[1];Argument[-1].MapKey;value;manual", - ".map;ListOrderedMap;true;put;;;Argument[2];Argument[-1].MapValue;value;manual", - ".map;ListOrderedMap;true;remove;(int);;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;ListOrderedMap;true;asList;;;Argument[-1].MapKey;ReturnValue.Element;value;manual", - ".map;LRUMap;true;LRUMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;LRUMap;true;LRUMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;LRUMap;true;LRUMap;(Map,boolean);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;LRUMap;true;LRUMap;(Map,boolean);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;LRUMap;true;get;(Object,boolean);;Argument[0].MapValue;ReturnValue;value;manual", - ".map;MultiKeyMap;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;MultiKeyMap;true;put;;;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object);;Argument[0..1];Argument[-1].MapKey.Element;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object);;Argument[0..2];Argument[-1].MapKey.Element;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object);;Argument[0..3];Argument[-1].MapKey.Element;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object,Object);;Argument[0..4];Argument[-1].MapKey.Element;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object);;Argument[3];Argument[-1].MapValue;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object);;Argument[4];Argument[-1].MapValue;value;manual", - ".map;MultiKeyMap;true;put;(Object,Object,Object,Object,Object,Object);;Argument[5];Argument[-1].MapValue;value;manual", - ".map;MultiKeyMap;true;removeMultiKey;;;Argument[-1].MapValue;ReturnValue;value;manual", - ".map;MultiValueMap;true;multiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;MultiValueMap;true;multiValueMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual", - ".map;MultiValueMap;true;getCollection;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ".map;MultiValueMap;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - ".map;MultiValueMap;true;putAll;(Map);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - ".map;MultiValueMap;true;values;;;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ".map;MultiValueMap;true;putAll;(Object,Collection);;Argument[0];Argument[-1].MapKey;value;manual", - ".map;MultiValueMap;true;putAll;(Object,Collection);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual", - ".map;MultiValueMap;true;iterator;(Object);;Argument[-1].MapValue.Element;ReturnValue.Element;value;manual", - ".map;MultiValueMap;true;iterator;();;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual", - ".map;MultiValueMap;true;iterator;();;Argument[-1].MapValue.Element;ReturnValue.Element.MapValue;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(ExpirationPolicy,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(ExpirationPolicy,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,Map);;Argument[1].MapKey;Argument[-1].MapKey;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,Map);;Argument[1].MapValue;Argument[-1].MapValue;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,TimeUnit,Map);;Argument[2].MapKey;Argument[-1].MapKey;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(long,TimeUnit,Map);;Argument[2].MapValue;Argument[-1].MapValue;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;PassiveExpiringMap;true;PassiveExpiringMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;PredicatedMap;true;predicatedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;PredicatedMap;true;predicatedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;PredicatedSortedMap;true;predicatedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;PredicatedSortedMap;true;predicatedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;SingletonMap;true;SingletonMap;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - ".map;SingletonMap;true;SingletonMap;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - ".map;SingletonMap;true;SingletonMap;(KeyValue);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;SingletonMap;true;SingletonMap;(KeyValue);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;SingletonMap;true;SingletonMap;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;SingletonMap;true;SingletonMap;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;SingletonMap;true;SingletonMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".map;SingletonMap;true;SingletonMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".map;SingletonMap;true;setValue;;;Argument[0];Argument[-1].MapValue;value;manual", - ".map;TransformedMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;TransformedMap;true;transformingMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;TransformedSortedMap;true;transformingSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;TransformedSortedMap;true;transformingSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;UnmodifiableEntrySet;true;unmodifiableEntrySet;;;Argument[0].Element.MapKey;ReturnValue.Element.MapKey;value;manual", - ".map;UnmodifiableEntrySet;true;unmodifiableEntrySet;;;Argument[0].Element.MapValue;ReturnValue.Element.MapValue;value;manual", - ".map;UnmodifiableMap;true;unmodifiableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;UnmodifiableMap;true;unmodifiableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;UnmodifiableOrderedMap;true;unmodifiableOrderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;UnmodifiableOrderedMap;true;unmodifiableOrderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ".map;UnmodifiableSortedMap;true;unmodifiableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".map;UnmodifiableSortedMap;true;unmodifiableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.multimap`. - */ -private class ApacheMultiMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedMultiValuedMap - ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".multimap;ArrayListValuedHashMap;true;ArrayListValuedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(MultiValuedMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(MultiValuedMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".multimap;HashSetValuedHashMap;true;HashSetValuedHashMap;(Map);;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - ".multimap;TransformedMultiValuedMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".multimap;TransformedMultiValuedMap;true;transformingMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual", - ".multimap;UnmodifiableMultiValuedMap;true;unmodifiableMultiValuedMap;(MultiValuedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".multimap;UnmodifiableMultiValuedMap;true;unmodifiableMultiValuedMap;(MultiValuedMap);;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.multiset`. - */ -private class ApacheMultiSetModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ".multiset;HashMultiSet;true;HashMultiSet;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".multiset;PredicatedMultiSet;true;predicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".multiset;SynchronizedMultiSet;true;synchronizedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".multiset;UnmodifiableMultiSet;true;unmodifiableMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.properties`. - */ -private class ApachePropertiesModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ".properties;AbstractPropertiesFactory;true;load;(ClassLoader,String);;Argument[1];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(File);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(InputStream);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(Path);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(Reader);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(String);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(URI);;Argument[0];ReturnValue;taint;manual", - ".properties;AbstractPropertiesFactory;true;load;(URL);;Argument[0];ReturnValue;taint;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.queue`. - */ -private class ApacheQueueModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedQueue - ".queue;CircularFifoQueue;true;CircularFifoQueue;(Collection);;Argument[0].Element;Argument[-1].Element;value;manual", - ".queue;CircularFifoQueue;true;get;;;Argument[-1].Element;ReturnValue;value;manual", - ".queue;PredicatedQueue;true;predicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".queue;SynchronizedQueue;true;synchronizedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".queue;TransformedQueue;true;transformingQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".queue;UnmodifiableQueue;true;unmodifiableQueue;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.set`. - */ -private class ApacheSetModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedNavigableSet - ".set;AbstractNavigableSetDecorator;true;AbstractNavigableSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;AbstractSetDecorator;true;AbstractSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;AbstractSortedSetDecorator;true;AbstractSortedSetDecorator;;;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;CompositeSet$SetMutator;true;add;;;Argument[2];Argument[0].Element;value;manual", - ".set;CompositeSet$SetMutator;true;add;;;Argument[2];Argument[1].Element.Element;value;manual", - ".set;CompositeSet$SetMutator;true;addAll;;;Argument[2].Element;Argument[0].Element;value;manual", - ".set;CompositeSet$SetMutator;true;addAll;;;Argument[2].Element;Argument[1].Element.Element;value;manual", - ".set;CompositeSet;true;CompositeSet;(Set);;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;CompositeSet;(Set[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;addComposited;(Set);;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;addComposited;(Set,Set);;Argument[0].Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;addComposited;(Set,Set);;Argument[1].Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;addComposited;(Set[]);;Argument[0].ArrayElement.Element;Argument[-1].Element;value;manual", - ".set;CompositeSet;true;toSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".set;CompositeSet;true;getSets;;;Argument[-1].Element;ReturnValue.Element.Element;value;manual", - ".set;ListOrderedSet;true;listOrderedSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;ListOrderedSet;true;listOrderedSet;(List);;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;ListOrderedSet;true;asList;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ".set;ListOrderedSet;true;get;;;Argument[-1].Element;ReturnValue;value;manual", - ".set;ListOrderedSet;true;add;;;Argument[1];Argument[-1].Element;value;manual", - ".set;ListOrderedSet;true;addAll;;;Argument[1].Element;Argument[-1].Element;value;manual", - ".set;MapBackedSet;true;mapBackedSet;;;Argument[0].MapKey;ReturnValue.Element;value;manual", - ".set;PredicatedNavigableSet;true;predicatedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;PredicatedSet;true;predicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;PredicatedSortedSet;true;predicatedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;TransformedNavigableSet;true;transformingNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;TransformedSet;true;transformingSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;TransformedSortedSet;true;transformingSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;UnmodifiableNavigableSet;true;unmodifiableNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;UnmodifiableSet;true;unmodifiableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ".set;UnmodifiableSortedSet;true;unmodifiableSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.splitmap`. - */ -private class ApacheSplitMapModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedSplitMap - ".splitmap;AbstractIterableGetMapDecorator;true;AbstractIterableGetMapDecorator;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".splitmap;AbstractIterableGetMapDecorator;true;AbstractIterableGetMapDecorator;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".splitmap;TransformedSplitMap;true;transformingMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".splitmap;TransformedSplitMap;true;transformingMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the package `org.apache.commons.collections4.trie`. - */ -private class ApacheTrieModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for TransformedSplitMap - ".trie;PatriciaTrie;true;PatriciaTrie;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - ".trie;PatriciaTrie;true;PatriciaTrie;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - ".trie;AbstractPatriciaTrie;true;select;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - ".trie;AbstractPatriciaTrie;true;select;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - ".trie;AbstractPatriciaTrie;true;selectKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - ".trie;AbstractPatriciaTrie;true;selectValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - ".trie;UnmodifiableTrie;true;unmodifiableTrie;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ".trie;UnmodifiableTrie;true;unmodifiableTrie;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.MapUtils`. - */ -private class ApacheMapUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have more models for populateMap - ";MapUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";MapUtils;true;fixedSizeMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;fixedSizeMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;fixedSizeSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;fixedSizeSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;getMap;;;Argument[0].MapValue;ReturnValue;value;manual", - ";MapUtils;true;getMap;;;Argument[2];ReturnValue;value;manual", - ";MapUtils;true;getObject;;;Argument[0].MapValue;ReturnValue;value;manual", - ";MapUtils;true;getObject;;;Argument[2];ReturnValue;value;manual", - ";MapUtils;true;getString;;;Argument[0].MapValue;ReturnValue;value;manual", - ";MapUtils;true;getString;;;Argument[2];ReturnValue;value;manual", - ";MapUtils;true;invertMap;;;Argument[0].MapKey;ReturnValue.MapValue;value;manual", - ";MapUtils;true;invertMap;;;Argument[0].MapValue;ReturnValue.MapKey;value;manual", - ";MapUtils;true;iterableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;iterableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;iterableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;iterableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;lazyMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;lazyMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;lazySortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;lazySortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;multiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;multiValueMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;orderedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;orderedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;populateMap;(Map,Iterable,Transformer);;Argument[1].Element;Argument[0].MapValue;value;manual", - ";MapUtils;true;populateMap;(MultiMap,Iterable,Transformer);;Argument[1].Element;Argument[0].MapValue.Element;value;manual", - ";MapUtils;true;predicatedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;predicatedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;predicatedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;predicatedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement;Argument[0].MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement;ReturnValue.MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement;Argument[0].MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement;ReturnValue.MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;Argument[0].MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;ReturnValue.MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;Argument[0].MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.ArrayElement;ReturnValue.MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapKey;Argument[0].MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapValue;Argument[0].MapValue;value;manual", - ";MapUtils;true;putAll;;;Argument[1].ArrayElement.MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;safeAddToMap;;;Argument[1];Argument[0].MapKey;value;manual", - ";MapUtils;true;safeAddToMap;;;Argument[2];Argument[0].MapValue;value;manual", - ";MapUtils;true;synchronizedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;synchronizedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;synchronizedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;synchronizedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;toMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;toMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;transformedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;transformedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;transformedSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;transformedSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;unmodifiableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;unmodifiableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";MapUtils;true;unmodifiableSortedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MapUtils;true;unmodifiableSortedMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.CollectionUtils`. - */ -private class ApacheCollectionUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have a model for collect, forAllButLastDo, forAllDo, transform - ";CollectionUtils;true;addAll;(Collection,Object[]);;Argument[1].ArrayElement;Argument[0].Element;value;manual", - ";CollectionUtils;true;addAll;(Collection,Enumeration);;Argument[1].Element;Argument[0].Element;value;manual", - ";CollectionUtils;true;addAll;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;value;manual", - ";CollectionUtils;true;addAll;(Collection,Iterator);;Argument[1].Element;Argument[0].Element;value;manual", - ";CollectionUtils;true;addIgnoreNull;;;Argument[1];Argument[0].Element;value;manual", - ";CollectionUtils;true;collate;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;collate;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;disjunction;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;disjunction;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";CollectionUtils;true;extractSingleton;;;Argument[0].Element;ReturnValue;value;manual", - ";CollectionUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual", - ";CollectionUtils;true;get;(Iterator,int);;Argument[0].Element;ReturnValue;value;manual", - ";CollectionUtils;true;get;(Iterable,int);;Argument[0].Element;ReturnValue;value;manual", - ";CollectionUtils;true;get;(Map,int);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";CollectionUtils;true;get;(Map,int);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";CollectionUtils;true;get;(Object,int);;Argument[0].ArrayElement;ReturnValue;value;manual", - ";CollectionUtils;true;get;(Object,int);;Argument[0].Element;ReturnValue;value;manual", - ";CollectionUtils;true;get;(Object,int);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";CollectionUtils;true;get;(Object,int);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";CollectionUtils;true;getCardinalityMap;;;Argument[0].Element;ReturnValue.MapKey;value;manual", - ";CollectionUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;permutations;;;Argument[0].Element;ReturnValue.Element.Element;value;manual", - ";CollectionUtils;true;predicatedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;removeAll;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;retainAll;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate,Collection);;Argument[0].Element;Argument[2].Element;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate,Collection);;Argument[2];ReturnValue;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[0].Element;Argument[2].Element;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[0].Element;Argument[3].Element;value;manual", - ";CollectionUtils;true;select;(Iterable,Predicate,Collection,Collection);;Argument[2];ReturnValue;value;manual", - ";CollectionUtils;true;selectRejected;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;selectRejected;(Iterable,Predicate,Collection);;Argument[0].Element;Argument[2].Element;value;manual", - ";CollectionUtils;true;selectRejected;(Iterable,Predicate,Collection);;Argument[2];ReturnValue;value;manual", - ";CollectionUtils;true;subtract;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;synchronizedCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - // Note that `CollectionUtils.transformingCollection` does not transform existing list elements - ";CollectionUtils;true;transformingCollection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";CollectionUtils;true;unmodifiableCollection;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.ListUtils`. - */ -private class ApacheListUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";ListUtils;true;defaultIfNull;;;Argument[0];ReturnValue;value;manual", - ";ListUtils;true;defaultIfNull;;;Argument[1];ReturnValue;value;manual", - ";ListUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";ListUtils;true;fixedSizeList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual", - // Note that `ListUtils.lazyList` does not transform existing list elements - ";ListUtils;true;lazyList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;longestCommonSubsequence;(CharSequence,CharSequence);;Argument[0];ReturnValue;taint;manual", - ";ListUtils;true;longestCommonSubsequence;(CharSequence,CharSequence);;Argument[1];ReturnValue;taint;manual", - ";ListUtils;true;longestCommonSubsequence;(List,List);;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;longestCommonSubsequence;(List,List);;Argument[1].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;longestCommonSubsequence;(List,List,Equator);;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;longestCommonSubsequence;(List,List,Equator);;Argument[1].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;partition;;;Argument[0].Element;ReturnValue.Element.Element;value;manual", - ";ListUtils;true;predicatedList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;removeAll;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;retainAll;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;select;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;selectRejected;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;subtract;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;sum;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;sum;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;synchronizedList;;;Argument[0].Element;ReturnValue.Element;value;manual", - // Note that `ListUtils.transformedList` does not transform existing list elements - ";ListUtils;true;transformedList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";ListUtils;true;unmodifiableList;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.IteratorUtils`. - */ -private class ApacheIteratorUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - // Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterator - ";IteratorUtils;true;arrayIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";IteratorUtils;true;arrayListIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";IteratorUtils;true;asEnumeration;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;asIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;asIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;asMultipleUseIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;boundedIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;chainedIterator;(Collection);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;chainedIterator;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;chainedIterator;(Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;chainedIterator;(Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;collatedIterator;(Comparator,Collection);;Argument[1].Element.Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;collatedIterator;(Comparator,Iterator[]);;Argument[1].ArrayElement.Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;collatedIterator;(Comparator,Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;collatedIterator;(Comparator,Iterator,Iterator);;Argument[2].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;filteredIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;filteredListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual", - ";IteratorUtils;true;first;;;Argument[0].Element;ReturnValue;value;manual", - ";IteratorUtils;true;forEachButLast;;;Argument[0].Element;ReturnValue;value;manual", - ";IteratorUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual", - ";IteratorUtils;true;getIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;getIterator;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";IteratorUtils;true;getIterator;;;Argument[0];ReturnValue.Element;value;manual", - ";IteratorUtils;true;getIterator;;;Argument[0].MapValue;ReturnValue.Element;value;manual", - ";IteratorUtils;true;loopingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;loopingListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;peekingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;pushbackIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;singletonIterator;;;Argument[0];ReturnValue.Element;value;manual", - ";IteratorUtils;true;singletonListIterator;;;Argument[0];ReturnValue.Element;value;manual", - ";IteratorUtils;true;skippingIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;toArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual", - ";IteratorUtils;true;toList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;toListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;toString;;;Argument[2];ReturnValue;taint;manual", - ";IteratorUtils;true;toString;;;Argument[3];ReturnValue;taint;manual", - ";IteratorUtils;true;toString;;;Argument[4];ReturnValue;taint;manual", - ";IteratorUtils;true;unmodifiableIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;unmodifiableListIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;unmodifiableMapIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;unmodifiableMapIterator;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IteratorUtils;true;zippingIterator;(Iterator,Iterator,Iterator);;Argument[2].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.IterableUtils`. - */ -private class ApacheIterableUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - // Note that when lambdas are supported we should have a model for forEach, forEachButLast, transformedIterable - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";IterableUtils;true;boundedIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;chainedIterable;(Iterable,Iterable,Iterable,Iterable);;Argument[3].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;collatedIterable;(Comparator,Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;collatedIterable;(Comparator,Iterable,Iterable);;Argument[2].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;collatedIterable;(Iterable,Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;collatedIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";IterableUtils;true;filteredIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;find;;;Argument[0].Element;ReturnValue;value;manual", - ";IterableUtils;true;first;;;Argument[0].Element;ReturnValue;value;manual", - ";IterableUtils;true;forEachButLast;;;Argument[0].Element;ReturnValue;value;manual", - ";IterableUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual", - ";IterableUtils;true;loopingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;partition;;;Argument[0].Element;ReturnValue.Element.Element;value;manual", - ";IterableUtils;true;reversedIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;skippingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;toList;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;toString;;;Argument[2];ReturnValue;taint;manual", - ";IterableUtils;true;toString;;;Argument[3];ReturnValue;taint;manual", - ";IterableUtils;true;toString;;;Argument[4];ReturnValue;taint;manual", - ";IterableUtils;true;uniqueIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;unmodifiableIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;zippingIterable;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;zippingIterable;(Iterable,Iterable[]);;Argument[1].ArrayElement.Element;ReturnValue.Element;value;manual", - ";IterableUtils;true;zippingIterable;(Iterable,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.EnumerationUtils`. - */ -private class ApacheEnumerationUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";EnumerationUtils;true;get;;;Argument[0].Element;ReturnValue;value;manual", - ";EnumerationUtils;true;toList;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual", - ";EnumerationUtils;true;toList;(StringTokenizer);;Argument[0];ReturnValue.Element;taint;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.MultiMapUtils`. - */ -private class ApacheMultiMapUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";MultiMapUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";MultiMapUtils;true;getCollection;;;Argument[0].MapValue;ReturnValue;value;manual", - ";MultiMapUtils;true;getValuesAsBag;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiMapUtils;true;getValuesAsList;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiMapUtils;true;getValuesAsSet;;;Argument[0].MapValue.Element;ReturnValue.Element;value;manual", - ";MultiMapUtils;true;transformedMultiValuedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MultiMapUtils;true;transformedMultiValuedMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual", - ";MultiMapUtils;true;unmodifiableMultiValuedMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";MultiMapUtils;true;unmodifiableMultiValuedMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.MultiSetUtils`. - */ -private class ApacheMultiSetUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";MultiSetUtils;true;predicatedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";MultiSetUtils;true;synchronizedMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";MultiSetUtils;true;unmodifiableMultiSet;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.QueueUtils`. - */ -private class ApacheQueueUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";QueueUtils;true;predicatedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";QueueUtils;true;synchronizedQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";QueueUtils;true;transformingQueue;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";QueueUtils;true;unmodifiableQueue;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the classes `org.apache.commons.collections4.SetUtils` - * and `org.apache.commons.collections4.SetUtils$SetView`. - */ -private class ApacheSetUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";SetUtils$SetView;true;copyInto;;;Argument[-1].Element;Argument[0].Element;value;manual", - ";SetUtils$SetView;true;createIterator;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";SetUtils$SetView;true;toSet;;;Argument[-1].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;difference;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;disjunction;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;disjunction;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;emptyIfNull;;;Argument[0];ReturnValue;value;manual", - ";SetUtils;true;hashSet;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";SetUtils;true;intersection;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;intersection;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;orderedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;predicatedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;predicatedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;predicatedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;synchronizedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;synchronizedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;transformedNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;transformedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;transformedSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;union;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;union;;;Argument[1].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;unmodifiableNavigableSet;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;unmodifiableSet;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - ";SetUtils;true;unmodifiableSet;(Set);;Argument[0].Element;ReturnValue.Element;value;manual", - ";SetUtils;true;unmodifiableSortedSet;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.SplitMapUtils`. - */ -private class ApacheSplitMapUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";SplitMapUtils;true;readableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";SplitMapUtils;true;readableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - ";SplitMapUtils;true;writableMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";SplitMapUtils;true;writableMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.TrieUtils`. - */ -private class ApacheTrieUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";TrieUtils;true;unmodifiableTrie;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - ";TrieUtils;true;unmodifiableTrie;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} - -/** - * Value-propagating models for the class `org.apache.commons.collections4.BagUtils`. - */ -private class ApacheBagUtilsModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["org.apache.commons.collections4", "org.apache.commons.collections"] + - [ - ";BagUtils;true;collectionBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;predicatedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;predicatedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;synchronizedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;synchronizedSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;transformingBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;transformingSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;unmodifiableBag;;;Argument[0].Element;ReturnValue.Element;value;manual", - ";BagUtils;true;unmodifiableSortedBag;;;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll b/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll deleted file mode 100644 index 997bffb9110..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/apache/IO.qll +++ /dev/null @@ -1,23 +0,0 @@ -/** Custom definitions related to the Apache Commons IO library. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class ApacheCommonsIOCustomSummaryCsv extends SummaryModelCsv { - /** - * Models that are not yet auto generated or where the generated summaries will - * be ignored. - * Note that if a callable has any handwritten summary, all generated summaries - * will be ignored for that callable. - */ - override predicate row(string row) { - row = - [ - "org.apache.commons.io;IOUtils;false;toBufferedInputStream;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[0].Element;Argument[2];taint;manual", - "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[1];Argument[2];taint;manual", - "org.apache.commons.io;IOUtils;true;toByteArray;(Reader);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.io;IOUtils;true;toByteArray;(Reader,String);;Argument[0];ReturnValue;taint;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll index 84db672e935..ea04948d9bc 100644 --- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll +++ b/java/ql/lib/semmle/code/java/frameworks/apache/Lang.qll @@ -1,8 +1,6 @@ /** Definitions related to the Apache Commons Lang library. */ import java -import Lang2Generated -import Lang3Generated private import semmle.code.java.dataflow.FlowSteps private import semmle.code.java.dataflow.ExternalFlow diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll deleted file mode 100644 index 3d9c8116c59..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang2Generated.qll +++ /dev/null @@ -1,284 +0,0 @@ -/** Definitions related to the Apache Commons Lang 2 library. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class ApacheCommonsLangModel extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;append;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendln;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StrBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual", - "org.apache.commons.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;replace;(org.apache.commons.text.StrMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StrBuilder;false;StrBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(char[],int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.CharSequence,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.CharSequence);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuffer,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(java.lang.StringBuilder);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;replaceIn;(org.apache.commons.text.TextStringBuilder);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0].MapValue;Argument[-1];taint;manual", - "org.apache.commons.text;StringTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StringTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StringTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;StrTokenizer;false;StrTokenizer;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;StrTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;append;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendln;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replace;(org.apache.commons.text.matcher.StringMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;TextStringBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;TextStringBuilder;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;TextStringBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.text;TextStringBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text;TextStringBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.text;WordUtils;false;abbreviate;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;abbreviate;;;Argument[3];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;capitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;capitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;capitalizeFully;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;capitalizeFully;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;initials;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;initials;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;uncapitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;uncapitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;wrap;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.text.lookup;StringLookup;true;lookup;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.text.lookup;StringLookupFactory;false;mapStringLookup;;;Argument[0].MapValue;ReturnValue;taint;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll b/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll deleted file mode 100644 index 532bb20619e..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll +++ /dev/null @@ -1,436 +0,0 @@ -/** Definitions related to the Apache Commons Lang 3 library. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class ApacheCommonsLang3Model extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.commons.lang3;ArrayUtils;false;add;;;Argument[2];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(boolean[],boolean);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(byte[],byte);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(char[],char);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(double[],double);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(float[],float);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(int[],int);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(java.lang.Object[],java.lang.Object);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(long[],long);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;add;(short[],short);;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;addAll;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;addFirst;;;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;addFirst;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;clone;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;get;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;get;(java.lang.Object[],int,java.lang.Object);;Argument[2];ReturnValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;insert;;;Argument[1..2].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;nullToEmpty;(java.lang.Object[],java.lang.Class);;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;nullToEmpty;(java.lang.String[]);;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;remove;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;removeAll;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;removeAllOccurences;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;removeAllOccurrences;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;removeElement;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;removeElements;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;subarray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.ArrayElement;ReturnValue.MapKey;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.ArrayElement;ReturnValue.MapValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.MapKey;ReturnValue.MapKey;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toMap;;;Argument[0].ArrayElement.MapValue;ReturnValue.MapValue;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toObject;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;clone;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;cloneIfPossible;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;CONST_BYTE;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;CONST_SHORT;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;CONST;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;defaultIfNull;;;Argument[0..1];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;firstNonNull;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;getIfNull;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;max;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;median;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;min;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;mode;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;requireNonEmpty;;;Argument[0];ReturnValue;value;manual", - "org.apache.commons.lang3;ObjectUtils;false;toString;(Object,String);;Argument[1];ReturnValue;value;manual", - "org.apache.commons.lang3;RegExUtils;false;removeAll;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;removeFirst;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;removePattern;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceAll;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceAll;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringEscapeUtils;false;escapeJson;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;abbreviate;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;abbreviateMiddle;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;abbreviateMiddle;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;appendIfMissing;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;appendIfMissing;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;appendIfMissingIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;appendIfMissingIgnoreCase;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;center;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;center;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;chomp;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;chomp;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;chop;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;defaultIfBlank;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;defaultIfEmpty;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;defaultString;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;deleteWhitespace;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;difference;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;firstNonBlank;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;StringUtils;false;firstNonEmpty;;;Argument[0].ArrayElement;ReturnValue;value;manual", - "org.apache.commons.lang3;StringUtils;false;getBytes;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;getCommonPrefix;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;getDigits;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;getIfBlank;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;getIfEmpty;;;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(char[],char,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(char[],char);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,char);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char,int,int);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,char);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,char,int,int);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[0].Element;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;left;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;leftPad;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;leftPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;lowerCase;(java.lang.String,java.util.Locale);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;lowerCase;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;mid;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;normalizeSpace;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;overlay;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;overlay;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;prependIfMissing;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;prependIfMissing;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;prependIfMissingIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;prependIfMissingIgnoreCase;;;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;remove;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeAll;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeEnd;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeEndIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeFirst;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removePattern;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeStart;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;removeStartIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;repeat;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;repeat;(java.lang.String,java.lang.String,int);;Argument[1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replace;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replace;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceAll;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceAll;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceChars;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceChars;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[2].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[2].ArrayElement;ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceOnce;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceOnce;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceOnceIgnoreCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replaceOnceIgnoreCase;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replacePattern;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;replacePattern;;;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;reverse;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;reverseDelimited;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;right;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;rightPad;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;rightPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;rotate;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,java.lang.String,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;split;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitByCharacterType;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitByCharacterTypeCamelCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitByWholeSeparator;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitByWholeSeparatorPreserveAllTokens;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,java.lang.String,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;splitPreserveAllTokens;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripAccents;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripAll;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripEnd;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripStart;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripToEmpty;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;stripToNull;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substring;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringAfter;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringAfterLast;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringBefore;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringBeforeLast;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringBetween;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;substringsBetween;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;toCodePoints;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;toEncodedString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;toRootLowerCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;toRootUpperCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;toString;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;trim;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;trimToEmpty;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;trimToNull;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;truncate;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;unwrap;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;upperCase;(java.lang.String,java.util.Locale);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;upperCase;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;valueOf;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,char);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,boolean);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object);;Argument[0..1];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[],boolean);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[],boolean);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;appendAsObjectToString;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;getStringBuffer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.builder;ToStringBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.mutable;Mutable;true;getValue;;;Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];ReturnValue;value;manual", - "org.apache.commons.lang3.mutable;MutableObject;false;MutableObject;;;Argument[0];Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];value;manual", - "org.apache.commons.lang3.mutable;Mutable;true;setValue;;;Argument[0];Argument[-1].SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value];value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.CharSequence,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.CharSequence);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;append;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterable);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterator);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Object[]);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadRight;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder,int,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendln;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendNewLine;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendNull;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendPadding;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,int);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Argument[0].Element;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Object[],String);;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;asReader;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;asTokenizer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;delete;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;deleteAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;deleteCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;deleteFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;ensureCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;getChars;(char[]);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;getChars;(char[]);;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;getChars;(int,int,char[],int);;Argument[-1];Argument[2];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;insert;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;leftString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;midString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;minimizeCapacity;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;readFrom;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replace;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replace;(int,int,java.lang.String);;Argument[2];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replace;(org.apache.commons.lang3.text.StrMatcher,java.lang.String,int,int,int);;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceAll;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;replaceFirst;;;Argument[1];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;reverse;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;rightString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;setCharAt;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;setLength;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrBuilder;false;StrBuilder;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;subSequence;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;substring;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;toCharArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value;manual", - "org.apache.commons.lang3.text;StrLookup;false;lookup;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrLookup;false;mapLookup;;;Argument[0].MapValue;ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[],int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.CharSequence,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.CharSequence);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder);;Argument[-1];Argument[0];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0].MapValue;Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;clone;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;getContent;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;getTokenArray;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;getTokenList;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;next;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;previous;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;previousToken;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;reset;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;reset;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;StrTokenizer;;;Argument[0];Argument[-1];taint;manual", - "org.apache.commons.lang3.text;StrTokenizer;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;capitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;capitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;initials;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;initials;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;swapCase;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;uncapitalize;(java.lang.String,char[]);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;uncapitalize;(java.lang.String);;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;wrap;;;Argument[0];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean,java.lang.String);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean);;Argument[2];ReturnValue;taint;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;ImmutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;left;;;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;ImmutablePair;false;right;;;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;ImmutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;ImmutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;MutablePair;(java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;setLeft;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;setRight;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;MutablePair;false;setValue;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;MutableTriple;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;setLeft;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;setMiddle;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;MutableTriple;false;setRight;;;Argument[0];Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getKey;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getKey;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getValue;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutablePair.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;true;getValue;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutablePair.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.left];value;manual", - "org.apache.commons.lang3.tuple;Pair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutablePair.right];value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getMiddle;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getLeft;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.left];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getMiddle;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.middle];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;true;getRight;;;Argument[-1].Field[org.apache.commons.lang3.tuple.MutableTriple.right];ReturnValue;value;manual", - "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.left];value;manual", - "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle];value;manual", - "org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];ReturnValue.Field[org.apache.commons.lang3.tuple.ImmutableTriple.right];value;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll deleted file mode 100644 index 424dade4291..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/guava/Base.qll +++ /dev/null @@ -1,98 +0,0 @@ -/** Definitions of flow steps through utility methods of `com.google.common.base`. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class GuavaBaseCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "com.google.common.base;Strings;false;emptyToNull;(String);;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Strings;false;nullToEmpty;(String);;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Strings;false;padStart;(String,int,char);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Strings;false;padEnd;(String,int,char);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Strings;false;repeat;(String,int);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Strings;false;lenientFormat;(String,Object[]);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Strings;false;lenientFormat;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;on;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;skipNulls;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;useForNull;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;withKeyValueSeparator;(String);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;withKeyValueSeparator;(char);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;Argument[1..2];Argument[0];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(Appendable,Object,Object,Object[]);;Argument[3].ArrayElement;Argument[0];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterable);;Argument[1].Element;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(Appendable,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(Appendable,Iterator);;Argument[1].Element;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;Argument[1..2];Argument[0];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object,Object,Object[]);;Argument[3].ArrayElement;Argument[0];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterable);;Argument[1].Element;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;(StringBuilder,Iterator);;Argument[1].Element;Argument[-1];taint;manual", - "com.google.common.base;Joiner;false;appendTo;;;Argument[-1];Argument[0];taint;manual", - "com.google.common.base;Joiner;false;appendTo;;;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Joiner;false;join;;;Argument[-1..2];ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[1];Argument[0];taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;;;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;Argument[0].Element.MapKey;ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;Argument[0].Element.MapValue;ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;Argument[0].Element.MapKey;ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;Argument[0].Element.MapValue;ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Map);;Argument[0].MapKey;ReturnValue;taint;manual", - "com.google.common.base;Joiner$MapJoiner;false;join;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - "com.google.common.base;Splitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Splitter;false;splitToStream;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Splitter$MapSplitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Preconditions;false;checkNotNull;;;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Verify;false;verifyNotNull;;;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Ascii;false;toLowerCase;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Ascii;false;toLowerCase;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Ascii;false;toUpperCase;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Ascii;false;toUpperCase;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Ascii;false;truncate;(CharSequence,int,String);;Argument[2];ReturnValue;taint;manual", - "com.google.common.base;CaseFormat;true;to;(CaseFormat,String);;Argument[1];ReturnValue;taint;manual", - "com.google.common.base;Converter;true;apply;(Object);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Converter;true;convert;(Object);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Converter;true;convertAll;(Iterable);;Argument[0].Element;ReturnValue.Element;taint;manual", - "com.google.common.base;Supplier;true;get;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.base;Suppliers;false;ofInstance;(Object);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Suppliers;false;memoize;(Supplier);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Suppliers;false;memoizeWithExpiration;(Supplier,long,TimeUnit);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Suppliers;false;synchronizedSupplier;(Supplier);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Optional;true;fromJavaUtil;(Optional);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;fromNullable;(Object);;Argument[0];ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;get;();;Argument[-1].Element;ReturnValue;value;manual", - "com.google.common.base;Optional;true;asSet;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;of;(Object);;Argument[0];ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;or;(Optional);;Argument[-1..0].Element;ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;or;(Supplier);;Argument[-1].Element;ReturnValue;value;manual", - "com.google.common.base;Optional;true;or;(Supplier);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;Optional;true;or;(Object);;Argument[-1].Element;ReturnValue;value;manual", - "com.google.common.base;Optional;true;or;(Object);;Argument[0];ReturnValue;value;manual", - "com.google.common.base;Optional;true;orNull;();;Argument[-1].Element;ReturnValue;value;manual", - "com.google.common.base;Optional;true;presentInstances;(Iterable);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;toJavaUtil;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.base;Optional;true;toJavaUtil;(Optional);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.base;MoreObjects;false;firstNonNull;(Object,Object);;Argument[0..1];ReturnValue;value;manual", - "com.google.common.base;MoreObjects;false;toStringHelper;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[0];Argument[-1];taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;add;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;add;(String,Object);;Argument[1];ReturnValue;taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;add;(String,Object);;Argument[1];Argument[-1];taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;(Object);;Argument[0];ReturnValue;taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;addValue;(Object);;Argument[0];Argument[-1];taint;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;omitNullValues;();;Argument[-1];ReturnValue;value;manual", - "com.google.common.base;MoreObjects$ToStringHelper;false;toString;();;Argument[-1];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll deleted file mode 100644 index d1f8cf4f776..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/guava/Cache.qll +++ /dev/null @@ -1,32 +0,0 @@ -/** Flow steps through methods of `com.google.common.cache` */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class GuavaBaseCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "com.google.common.cache;Cache;true;asMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.cache;Cache;true;asMap;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - // lambda flow from Argument[1] not implemented - "com.google.common.cache;Cache;true;get;(Object,Callable);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.cache;Cache;true;getIfPresent;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - // the true flow to MapKey of ReturnValue for getAllPresent is the intersection of the these inputs, but intersections cannot be modeled fully accurately. - "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.cache;Cache;true;getAllPresent;(Iterable);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.cache;Cache;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.cache;Cache;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.cache;Cache;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.cache;Cache;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.cache;LoadingCache;true;get;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.cache;LoadingCache;true;getUnchecked;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.cache;LoadingCache;true;apply;(Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[0].Element;Argument[-1].MapKey;value;manual", - "com.google.common.cache;LoadingCache;true;getAll;(Iterable);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll index feb27d22ec0..c20bafb36de 100644 --- a/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll +++ b/java/ql/lib/semmle/code/java/frameworks/guava/Collections.qll @@ -8,571 +8,6 @@ private import semmle.code.java.Collections private string guavaCollectPackage() { result = "com.google.common.collect" } -private class GuavaCollectCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind", - // Methods depending on lambda flow are not currently modeled - // Methods depending on stronger aliasing properties than we support are also not modeled. - "com.google.common.collect;ArrayListMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ArrayListMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ArrayTable;true;create;(Iterable,Iterable);;Argument[0].Element;ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ArrayTable;true;create;(Iterable,Iterable);;Argument[1].Element;ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ArrayTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;BiMap;true;forcePut;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;BiMap;true;forcePut;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.collect;BiMap;true;inverse;();;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - "com.google.common.collect;BiMap;true;inverse;();;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ClassToInstanceMap;true;getInstance;(Class);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.collect;ClassToInstanceMap;true;putInstance;(Class,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.collect;ClassToInstanceMap;true;putInstance;(Class,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.collect;Collections2;false;filter;(Collection,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Collections2;false;orderedPermutations;(Iterable);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Collections2;false;orderedPermutations;(Iterable,Comparator);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Collections2;false;permutations;(Collection);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;ConcurrentHashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;HashBasedTable;true;create;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;HashBiMap;true;create;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;HashBiMap;true;create;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;HashMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;HashMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;HashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableBiMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableClassToInstanceMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableClassToInstanceMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableClassToInstanceMap;true;of;(Class,Object);;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableClassToInstanceMap;true;of;(Class,Object);;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;add;(Object);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;add;(Object[]);;Argument[0].ArrayElement;Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;add;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;addAll;(Iterable);;Argument[0].Element;Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;addAll;(Iterator);;Argument[0].Element;Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;addAll;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableCollection$Builder;true;build;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableCollection;true;asList;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;of;;;Argument[0..11];ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;of;;;Argument[12].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;reverse;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;sortedCopyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableList;true;sortedCopyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableListMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;build;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;orderEntriesByValue;(Comparator);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;put;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;put;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;put;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;putAll;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMap$Builder;true;putAll;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;build;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;orderKeysBy;(Comparator);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;orderValuesBy;(Comparator);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Entry);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Entry);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;put;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Iterable);;Argument[0].Element.MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Multimap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Multimap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Object[]);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;(Object,Object[]);;Argument[1].ArrayElement;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap$Builder;true;putAll;;;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;copyOf;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;copyOf;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;inverse;();;Argument[-1].MapKey;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;inverse;();;Argument[-1].MapValue;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableMultiset$Builder;true;addCopies;(Object,int);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableMultiset$Builder;true;addCopies;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableMultiset$Builder;true;setCount;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;ImmutableMultiset;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableMultiset;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableMultiset;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableMultiset;true;of;;;Argument[0..5];ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableMultiset;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;copyOf;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;of;;;Argument[0..5];ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSet;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSetMultimap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable,Comparator);;Argument[0].Element.MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Iterable,Comparator);;Argument[0].Element.MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map,Comparator);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOf;(Map,Comparator);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOfSorted;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;copyOfSorted;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[2];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[3];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[4];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[5];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[6];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[7];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[8];ReturnValue.MapKey;value;manual", - "com.google.common.collect;ImmutableSortedMap;true;of;;;Argument[9];ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparable[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Comparator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;copyOfSorted;(SortedMultiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;of;;;Argument[0..5];ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedMultiset;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Collection);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparable[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Collection);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Iterable);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Comparator,Iterator);;Argument[1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOf;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;copyOfSorted;(SortedSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;of;;;Argument[0..5];ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableSortedSet;true;of;;;Argument[6].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;build;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;orderColumnsBy;(Comparator);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;orderRowsBy;(Comparator);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Cell);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[0];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[1];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[-1];ReturnValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable$Builder;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable;true;copyOf;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[0];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[1];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;ImmutableTable;true;of;(Object,Object,Object);;Argument[2];ReturnValue.MapValue;value;manual", - "com.google.common.collect;Iterables;false;addAll;(Collection,Iterable);;Argument[1].Element;Argument[0].Element;value;manual", - "com.google.common.collect;Iterables;false;concat;(Iterable);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable,Iterable);;Argument[0..2].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;concat;(Iterable,Iterable,Iterable,Iterable);;Argument[0..3].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;concat;(Iterable[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;consumingIterable;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;cycle;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;cycle;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;filter;(Iterable,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;filter;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;find;(Iterable,Predicate);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;find;(Iterable,Predicate,Object);;Argument[2];ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;find;(Iterable,Predicate,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;get;(Iterable,int);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;get;(Iterable,int,Object);;Argument[2];ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;get;(Iterable,int,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getLast;(Iterable);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getLast;(Iterable,Object);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getLast;(Iterable,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable,Object);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;getOnlyElement;(Iterable,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterables;false;limit;(Iterable,int);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;mergeSorted;(Iterable,Comparator);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;paddedPartition;(Iterable,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Iterables;false;partition;(Iterable,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Iterables;false;skip;(Iterable,int);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;toArray;(Iterable,Class);;Argument[0].Element;ReturnValue.ArrayElement;value;manual", - //"com.google.common.collect;Iterables;false;toString;(Iterable);;Element of Argument[0];ReturnValue;taint;manual", - "com.google.common.collect;Iterables;false;tryFind;(Iterable,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;unmodifiableIterable;(ImmutableCollection);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterables;false;unmodifiableIterable;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;addAll;(Collection,Iterator);;Argument[1].Element;Argument[0].Element;value;manual", - "com.google.common.collect;Iterators;false;asEnumeration;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;concat;(Iterator);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator,Iterator);;Argument[0..2].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;concat;(Iterator,Iterator,Iterator,Iterator);;Argument[0..3].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;concat;(Iterator[]);;Argument[0].ArrayElement.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;consumingIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;cycle;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;cycle;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;filter;(Iterator,Class);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;filter;(Iterator,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;find;(Iterator,Predicate);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;find;(Iterator,Predicate,Object);;Argument[2];ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;find;(Iterator,Predicate,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;forArray;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;forEnumeration;(Enumeration);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;get;(Iterator,int);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;get;(Iterator,int,Object);;Argument[2];ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;get;(Iterator,int,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getLast;(Iterator);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getLast;(Iterator,Object);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getLast;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getNext;(Iterator,Object);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getNext;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator,Object);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;getOnlyElement;(Iterator,Object);;Argument[0].Element;ReturnValue;value;manual", - "com.google.common.collect;Iterators;false;limit;(Iterator,int);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;mergeSorted;(Iterable,Comparator);;Argument[0].Element.Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;paddedPartition;(Iterator,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Iterators;false;partition;(Iterator,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Iterators;false;peekingIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;peekingIterator;(PeekingIterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;singletonIterator;(Object);;Argument[0];ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;toArray;(Iterator,Class);;Argument[0].Element;ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;Iterators;false;tryFind;(Iterator,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;unmodifiableIterator;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Iterators;false;unmodifiableIterator;(UnmodifiableIterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;LinkedHashMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;LinkedHashMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;LinkedHashMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;LinkedListMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;LinkedListMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Lists;false;asList;(Object,Object,Object[]);;Argument[0..1];ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;asList;(Object,Object,Object[]);;Argument[2].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;asList;(Object,Object[]);;Argument[0];ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;asList;(Object,Object[]);;Argument[1].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;cartesianProduct;(List);;Argument[0].Element.Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Lists;false;cartesianProduct;(List[]);;Argument[0].ArrayElement.Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Lists;false;charactersOf;(CharSequence);;Argument[0];ReturnValue.Element;taint;manual", - "com.google.common.collect;Lists;false;charactersOf;(String);;Argument[0];ReturnValue.Element;taint;manual", - "com.google.common.collect;Lists;false;newArrayList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;newArrayList;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;newArrayList;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;newCopyOnWriteArrayList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;newLinkedList;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Lists;false;partition;(List,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Lists;false;reverse;(List);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;MapDifference$ValueDifference;true;leftValue;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left];ReturnValue;value;manual", - "com.google.common.collect;MapDifference$ValueDifference;true;rightValue;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right];ReturnValue;value;manual", - "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.left];value;manual", - "com.google.common.collect;MapDifference;true;entriesDiffering;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue.SyntheticField[com.google.common.collect.MapDifference.right];value;manual", - "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;MapDifference;true;entriesInCommon;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;MapDifference;true;entriesOnlyOnLeft;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesOnlyOnLeft;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.left].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;MapDifference;true;entriesOnlyOnRight;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MapDifference;true;entriesOnlyOnRight;();;Argument[-1].SyntheticField[com.google.common.collect.MapDifference.right].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;asMap;(NavigableSet,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;asMap;(Set,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;asMap;(SortedSet,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual", - "com.google.common.collect;Maps;false;difference;(Map,Map,Equivalence);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual", - "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[1].MapKey;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapKey;value;manual", - "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[0].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.left].MapValue;value;manual", - "com.google.common.collect;Maps;false;difference;(SortedMap,Map);;Argument[1].MapValue;ReturnValue.SyntheticField[com.google.common.collect.MapDifference.right].MapValue;value;manual", - "com.google.common.collect;Maps;false;filterEntries;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;filterKeys;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;filterValues;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;fromProperties;(Properties);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;fromProperties;(Properties);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;immutableEntry;(Object,Object);;Argument[0];ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;immutableEntry;(Object,Object);;Argument[1];ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;immutableEnumMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;newEnumMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;newHashMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;newHashMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;newLinkedHashMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;newLinkedHashMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;newTreeMap;(SortedMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;newTreeMap;(SortedMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;subMap;(NavigableMap,Range);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;subMap;(NavigableMap,Range);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;synchronizedBiMap;(BiMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;synchronizedBiMap;(BiMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;synchronizedNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;toMap;(Iterable,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;toMap;(Iterator,Function);;Argument[0].Element;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;transformValues;(Map,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;transformValues;(NavigableMap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;transformValues;(SortedMap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;uniqueIndex;(Iterable,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;uniqueIndex;(Iterator,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;unmodifiableBiMap;(BiMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;unmodifiableBiMap;(BiMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Maps;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Maps;false;unmodifiableNavigableMap;(NavigableMap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimap;true;asMap;();;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimap;true;asMap;();;Argument[-1].MapValue;ReturnValue.MapValue.Element;value;manual", - "com.google.common.collect;Multimap;true;entries;();;Argument[-1].MapKey;ReturnValue.Element.MapKey;value;manual", - "com.google.common.collect;Multimap;true;entries;();;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual", - "com.google.common.collect;Multimap;true;get;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimap;true;keySet;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimap;true;keys;();;Argument[-1].MapKey;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimap;true;put;(Object,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;Multimap;true;put;(Object,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "com.google.common.collect;Multimap;true;putAll;(Multimap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "com.google.common.collect;Multimap;true;putAll;(Multimap);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;Multimap;true;putAll;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;Multimap;true;putAll;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual", - "com.google.common.collect;Multimap;true;removeAll;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[0];Argument[-1].MapKey;value;manual", - "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[1].Element;Argument[-1].MapValue;value;manual", - "com.google.common.collect;Multimap;true;replaceValues;(Object,Iterable);;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimap;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;asMap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue.Element;value;manual", - "com.google.common.collect;Multimaps;false;filterEntries;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterEntries;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;filterEntries;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterEntries;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;filterKeys;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterKeys;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;filterKeys;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterKeys;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;filterValues;(Multimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterValues;(Multimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;filterValues;(SetMultimap,Predicate);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;filterValues;(SetMultimap,Predicate);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;forMap;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;forMap;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;index;(Iterable,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;index;(Iterator,Function);;Argument[0].Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[1];ReturnValue;value;manual", - "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[0].MapKey;Argument[1].MapValue;value;manual", - "com.google.common.collect;Multimaps;false;invertFrom;(Multimap,Multimap);;Argument[0].MapValue;Argument[1].MapKey;value;manual", - "com.google.common.collect;Multimaps;false;newListMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;newListMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;newMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;newMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;newSetMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;newSetMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;newSortedSetMultimap;(Map,Supplier);;Argument[0].MapValue.Element;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;newSortedSetMultimap;(Map,Supplier);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedListMultimap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedListMultimap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedMultimap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedMultimap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedSetMultimap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedSetMultimap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;synchronizedSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;transformValues;(ListMultimap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;transformValues;(Multimap,Function);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ImmutableListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ImmutableListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ListMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableListMultimap;(ListMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(ImmutableMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(ImmutableMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableMultimap;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(ImmutableSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(ImmutableSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(SetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSetMultimap;(SetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;Multimaps;false;unmodifiableSortedSetMultimap;(SortedSetMultimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Multiset$Entry;true;getElement;();;Argument[-1].Element;ReturnValue;value;manual", - "com.google.common.collect;Multiset;true;add;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;Multiset;true;elementSet;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multiset;true;entrySet;();;Argument[-1].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Multiset;true;setCount;(Object,int);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;Multiset;true;setCount;(Object,int,int);;Argument[0];Argument[-1].Element;value;manual", - "com.google.common.collect;Multisets;false;copyHighestCountFirst;(Multiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;difference;(Multiset,Multiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;filter;(Multiset,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;immutableEntry;(Object,int);;Argument[0];ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;intersection;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;sum;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;union;(Multiset,Multiset);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;unmodifiableMultiset;(ImmutableMultiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;unmodifiableMultiset;(Multiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Multisets;false;unmodifiableSortedMultiset;(SortedMultiset);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;MutableClassToInstanceMap;true;create;(Map);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;MutableClassToInstanceMap;true;create;(Map);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;ObjectArrays;false;concat;(Object,Object[]);;Argument[0];ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;ObjectArrays;false;concat;(Object,Object[]);;Argument[1].ArrayElement;ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object);;Argument[1];ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object);;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;ObjectArrays;false;concat;(Object[],Object[],Class);;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual", - "com.google.common.collect;Queues;false;drain;(BlockingQueue,Collection,int,Duration);;Argument[0].Element;Argument[1].Element;value;manual", - "com.google.common.collect;Queues;false;drain;(BlockingQueue,Collection,int,long,TimeUnit);;Argument[0].Element;Argument[1].Element;value;manual", - "com.google.common.collect;Queues;false;newArrayDeque;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;newConcurrentLinkedQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;newLinkedBlockingDeque;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;newLinkedBlockingQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;newPriorityBlockingQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;newPriorityQueue;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;synchronizedDeque;(Deque);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Queues;false;synchronizedQueue;(Queue);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets$SetView;true;copyInto;(Set);;Argument[-1].Element;Argument[0].Element;value;manual", - "com.google.common.collect;Sets$SetView;true;immutableCopy;();;Argument[-1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;cartesianProduct;(List);;Argument[0].Element.Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Sets;false;cartesianProduct;(Set[]);;Argument[0].ArrayElement.Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Sets;false;combinations;(Set,int);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Sets;false;difference;(Set,Set);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;filter;(NavigableSet,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;filter;(Set,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;filter;(SortedSet,Predicate);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;intersection;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newConcurrentHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newCopyOnWriteArraySet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newHashSet;(Iterator);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newHashSet;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newLinkedHashSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newSetFromMap;(Map);;Argument[0].MapKey;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;newTreeSet;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;powerSet;(Set);;Argument[0].Element;ReturnValue.Element.Element;value;manual", - "com.google.common.collect;Sets;false;subSet;(NavigableSet,Range);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;symmetricDifference;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;synchronizedNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;union;(Set,Set);;Argument[0..1].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Sets;false;unmodifiableNavigableSet;(NavigableSet);;Argument[0].Element;ReturnValue.Element;value;manual", - "com.google.common.collect;Table$Cell;true;getColumnKey;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue;value;manual", - "com.google.common.collect;Table$Cell;true;getRowKey;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue;value;manual", - "com.google.common.collect;Table$Cell;true;getValue;();;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.collect;Table;true;cellSet;();;Argument[-1].MapValue;ReturnValue.Element.MapValue;value;manual", - "com.google.common.collect;Table;true;cellSet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.Element.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Table;true;cellSet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.Element.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Table;true;column;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Table;true;column;(Object);;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapKey;value;manual", - "com.google.common.collect;Table;true;columnKeySet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.Element;value;manual", - "com.google.common.collect;Table;true;columnMap;();;Argument[-1].MapValue;ReturnValue.MapValue.MapValue;value;manual", - "com.google.common.collect;Table;true;columnMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapKey;value;manual", - "com.google.common.collect;Table;true;columnMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapValue.MapKey;value;manual", - "com.google.common.collect;Table;true;get;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[0];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[1];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Table;true;put;(Object,Object,Object);;Argument[2];Argument[-1].MapValue;value;manual", - "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Table;true;putAll;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Table;true;remove;(Object,Object);;Argument[-1].MapValue;ReturnValue;value;manual", - "com.google.common.collect;Table;true;row;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Table;true;row;(Object);;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapKey;value;manual", - "com.google.common.collect;Table;true;rowKeySet;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.Element;value;manual", - "com.google.common.collect;Table;true;rowMap;();;Argument[-1].MapValue;ReturnValue.MapValue.MapValue;value;manual", - "com.google.common.collect;Table;true;rowMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.MapValue.MapKey;value;manual", - "com.google.common.collect;Table;true;rowMap;();;Argument[-1].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.MapKey;value;manual", - "com.google.common.collect;Table;true;values;();;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[0];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[1];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;immutableCell;(Object,Object,Object);;Argument[2];ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapKey;ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapValue.MapKey;ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;newCustomTable;(Map,Supplier);;Argument[0].MapValue.MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;synchronizedTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;transformValues;(Table,Function);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;transformValues;(Table,Function);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;transpose;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;unmodifiableRowSortedTable;(RowSortedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;Tables;false;unmodifiableTable;(Table);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.columnKey];ReturnValue.SyntheticField[com.google.common.collect.Table.columnKey];value;manual", - "com.google.common.collect;TreeBasedTable;true;create;(TreeBasedTable);;Argument[0].SyntheticField[com.google.common.collect.Table.rowKey];ReturnValue.SyntheticField[com.google.common.collect.Table.rowKey];value;manual", - "com.google.common.collect;TreeMultimap;true;create;(Multimap);;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "com.google.common.collect;TreeMultimap;true;create;(Multimap);;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "com.google.common.collect;TreeMultiset;true;create;(Iterable);;Argument[0].Element;ReturnValue.Element;value;manual" - ] - } -} - /** * A reference type that extends a parameterization of `com.google.common.collect.Multimap`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll b/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll index d7a4ab959df..5dd8aaa18ee 100644 --- a/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll +++ b/java/ql/lib/semmle/code/java/frameworks/guava/Guava.qll @@ -3,7 +3,4 @@ */ import java -import Base import Collections -import IO -import Cache diff --git a/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll b/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll deleted file mode 100644 index 59fc0113e10..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/guava/IO.qll +++ /dev/null @@ -1,101 +0,0 @@ -/** Definitions of taint steps in the IO package of the Guava framework */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class GuavaIoCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "com.google.common.io;BaseEncoding;true;decode;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;decodingStream;(Reader);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;decodingSource;(CharSource);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;encode;(byte[]);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;withSeparator;(String,int);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;decode;(CharSequence);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;decodingStream;(Reader);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;decodingSource;(CharSource);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;encode;(byte[]);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;upperCase;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;lowerCase;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;withPadChar;(char);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;omitPadding;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;concat;(ByteSource[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;concat;(Iterable);;Argument[0].Element;ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;concat;(Iterator);;Argument[0].Element;ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint;manual", - "com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;read;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;slice;(long,long);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteSource;true;wrap;(byte[]);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;copy;(InputStream,OutputStream);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;ByteStreams;false;copy;(ReadableByteChannel,WritableByteChannel);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;ByteStreams;false;limit;(InputStream,long);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;newDataInput;(byte[]);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;newDataInput;(byte[],int);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;newDataInput;(ByteArrayInputStream);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;newDataOutput;(ByteArrayOutputStream);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;ByteStreams;false;read;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[]);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;ByteStreams;false;toByteArray;(InputStream);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;asByteSource;(Charset);;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;concat;(CharSource[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;concat;(Iterable);;Argument[0].Element;ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;concat;(Iterator);;Argument[0].Element;ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;copyTo;(Appendable);;Argument[-1];Argument[0];taint;manual", - "com.google.common.io;CharSource;true;openStream;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;read;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;readFirstLine;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;readLines;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;lines;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;CharSource;true;wrap;(CharSequence);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;CharStreams;false;copy;(Readable,Appendable);;Argument[0];Argument[1];taint;manual", - "com.google.common.io;CharStreams;false;readLines;(Readable);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;CharStreams;false;toString;(Readable);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;Closer;true;register;;;Argument[0];ReturnValue;value;manual", - "com.google.common.io;Files;false;getFileExtension;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;Files;false;getNameWithoutExtension;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;Files;false;simplifyPath;(String);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;MoreFiles;false;getFileExtension;(Path);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;MoreFiles;false;getNameWithoutExtension;(Path);;Argument[0];ReturnValue;taint;manual", - "com.google.common.io;LineReader;false;LineReader;(Readable);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;LineReader;true;readLine;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;toByteArray;();;Argument[-1];ReturnValue;taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;write;(byte[]);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;write;(byte[],int,int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;write;(int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeByte;(int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeBytes;(String);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeChar;(int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeChars;(String);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeDouble;(double);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeFloat;(float);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeInt;(int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeLong;(long);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeShort;(int);;Argument[0];Argument[-1];taint;manual", - "com.google.common.io;ByteArrayDataOutput;true;writeUTF;(String);;Argument[0];Argument[-1];taint;manual" - ] - } -} - -private class GuavaIoSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; kind` - "com.google.common.io;Resources;false;asByteSource;(URL);;Argument[0];url-open-stream;manual", - "com.google.common.io;Resources;false;asCharSource;(URL,Charset);;Argument[0];url-open-stream;manual", - "com.google.common.io;Resources;false;copy;(URL,OutputStream);;Argument[0];url-open-stream;manual", - "com.google.common.io;Resources;false;readLines;;;Argument[0];url-open-stream;manual", - "com.google.common.io;Resources;false;toByteArray;(URL);;Argument[0];url-open-stream;manual", - "com.google.common.io;Resources;false;toString;(URL,Charset);;Argument[0];url-open-stream;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll b/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll index 20a7303dd76..c109b980508 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jOOQ.qll @@ -22,9 +22,3 @@ predicate jOOQSqlMethod(Method m) { m.getAnAnnotation() instanceof PlainSqlType and m.getParameterType(0) instanceof TypeString } - -private class SqlSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = "org.jooq;PlainSQL;false;;;Annotated;Argument[0];sql;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll index 400f96598c1..7499e26450c 100644 --- a/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll +++ b/java/ql/lib/semmle/code/java/frameworks/jackson/JacksonSerializability.qll @@ -282,18 +282,3 @@ class JacksonMixedInCallable extends Callable { ) } } - -private class JacksonModel extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint;manual", - "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0].MapValue;ReturnValue;taint;manual", - "com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0].MapValue.Element;ReturnValue;taint;manual", - "com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint;manual", - "com.fasterxml.jackson.databind;ObjectMapper;false;createParser;;;Argument[0];ReturnValue;taint;manual", - "com.fasterxml.jackson.databind;ObjectReader;false;createParser;;;Argument[0];ReturnValue;taint;manual", - "com.fasterxml.jackson.core;JsonFactory;false;createParser;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll index 9efa891676b..17eec30769a 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll @@ -12,22 +12,6 @@ class FacesContext extends RefType { } } -private class ExternalContextSource extends SourceModelCsv { - override predicate row(string row) { - row = - ["javax.", "jakarta."] + - [ - "faces.context;ExternalContext;true;getRequestParameterMap;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestParameterNames;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestParameterValuesMap;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestPathInfo;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestCookieMap;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestHeaderMap;();;ReturnValue;remote;manual", - "faces.context;ExternalContext;true;getRequestHeaderValuesMap;();;ReturnValue;remote;manual" - ] - } -} - /** * The method `getResponseWriter()` declared in JSF `ExternalContext`. */ @@ -49,15 +33,3 @@ class FacesGetResponseStreamMethod extends Method { this.getNumberOfParameters() = 0 } } - -private class ExternalContextXssSink extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.faces.context;ResponseWriter;true;write;;;Argument[0];xss;manual", - "javax.faces.context;ResponseStream;true;write;;;Argument[0];xss;manual", - "jakarta.faces.context;ResponseWriter;true;write;;;Argument[0];xss;manual", - "jakarta.faces.context;ResponseStream;true;write;;;Argument[0];xss;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll b/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll deleted file mode 100644 index 3d70961cf37..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/kotlin/StdLib.qll +++ /dev/null @@ -1,14 +0,0 @@ -/** Definitions of taint steps in the KotlinStdLib framework */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class KotlinStdLibSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "kotlin.jvm.internal;ArrayIteratorKt;false;iterator;(Object[]);;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "kotlin.collections;ArraysKt;false;withIndex;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll b/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll deleted file mode 100644 index 772ea3866e5..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/ratpack/Ratpack.qll +++ /dev/null @@ -1,135 +0,0 @@ -/** - * Provides classes and predicates related to `ratpack.*`. - */ - -import java -private import semmle.code.java.dataflow.DataFlow -private import semmle.code.java.dataflow.FlowSteps -private import semmle.code.java.dataflow.ExternalFlow - -/** - * Ratpack methods that access user-supplied request data. - */ -private class RatpackHttpSource extends SourceModelCsv { - override predicate row(string row) { - row = - ["ratpack.http;", "ratpack.core.http;"] + - [ - "Request;true;getContentLength;;;ReturnValue;remote;manual", - "Request;true;getCookies;;;ReturnValue;remote;manual", - "Request;true;oneCookie;;;ReturnValue;remote;manual", - "Request;true;getHeaders;;;ReturnValue;remote;manual", - "Request;true;getPath;;;ReturnValue;remote;manual", - "Request;true;getQuery;;;ReturnValue;remote;manual", - "Request;true;getQueryParams;;;ReturnValue;remote;manual", - "Request;true;getRawUri;;;ReturnValue;remote;manual", - "Request;true;getUri;;;ReturnValue;remote;manual", - "Request;true;getBody;;;ReturnValue;remote;manual" - ] - or - // All Context#parse methods that return a Promise are remote flow sources. - row = - ["ratpack.handling;", "ratpack.core.handling;"] + "Context;true;parse;" + - [ - "(java.lang.Class);", "(com.google.common.reflect.TypeToken);", - "(java.lang.Class,java.lang.Object);", - "(com.google.common.reflect.TypeToken,java.lang.Object);", "(ratpack.core.parse.Parse);", - "(ratpack.parse.Parse);" - ] + ";ReturnValue;remote;manual" - } -} - -/** - * Ratpack methods that propagate user-supplied request data as tainted. - */ -private class RatpackModel extends SummaryModelCsv { - override predicate row(string row) { - row = - ["ratpack.http;", "ratpack.core.http;"] + - [ - "TypedData;true;getBuffer;;;Argument[-1];ReturnValue;taint;manual", - "TypedData;true;getBytes;;;Argument[-1];ReturnValue;taint;manual", - "TypedData;true;getContentType;;;Argument[-1];ReturnValue;taint;manual", - "TypedData;true;getInputStream;;;Argument[-1];ReturnValue;taint;manual", - "TypedData;true;getText;;;Argument[-1];ReturnValue;taint;manual", - "TypedData;true;writeTo;;;Argument[-1];Argument[0];taint;manual", - "Headers;true;get;;;Argument[-1];ReturnValue;taint;manual", - "Headers;true;getAll;;;Argument[-1];ReturnValue;taint;manual", - "Headers;true;getNames;;;Argument[-1];ReturnValue;taint;manual", - "Headers;true;asMultiValueMap;;;Argument[-1];ReturnValue;taint;manual" - ] - or - row = - ["ratpack.form;", "ratpack.core.form;"] + - [ - "UploadedFile;true;getFileName;;;Argument[-1];ReturnValue;taint;manual", - "Form;true;file;;;Argument[-1];ReturnValue;taint;manual", - "Form;true;files;;;Argument[-1];ReturnValue;taint;manual" - ] - or - row = - ["ratpack.handling;", "ratpack.core.handling;"] + - [ - "Context;true;parse;(ratpack.http.TypedData,ratpack.parse.Parse);;Argument[0];ReturnValue;taint;manual", - "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue;taint;manual", - "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue.MapKey;taint;manual", - "Context;true;parse;(ratpack.core.http.TypedData,ratpack.core.parse.Parse);;Argument[0];ReturnValue.MapValue;taint;manual" - ] - or - row = - ["ratpack.util;", "ratpack.func;"] + - [ - "MultiValueMap;true;getAll;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "MultiValueMap;true;getAll;();;Argument[-1].MapValue;ReturnValue.MapValue.Element;value;manual", - "MultiValueMap;true;getAll;(Object);;Argument[-1].MapValue;ReturnValue.Element;value;manual", - "MultiValueMap;true;asMultimap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "MultiValueMap;true;asMultimap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual" - ] - or - exists(string left, string right | - left = "Field[ratpack.func.Pair.left]" and - right = "Field[ratpack.func.Pair.right]" - | - row = - ["ratpack.util;", "ratpack.func;"] + "Pair;true;" + - [ - "of;;;Argument[0];ReturnValue." + left + ";value;manual", - "of;;;Argument[1];ReturnValue." + right + ";value;manual", - "pair;;;Argument[0];ReturnValue." + left + ";value;manual", - "pair;;;Argument[1];ReturnValue." + right + ";value;manual", - "left;();;Argument[-1]." + left + ";ReturnValue;value;manual", - "right;();;Argument[-1]." + right + ";ReturnValue;value;manual", - "getLeft;;;Argument[-1]." + left + ";ReturnValue;value;manual", - "getRight;;;Argument[-1]." + right + ";ReturnValue;value;manual", - "left;(Object);;Argument[0];ReturnValue." + left + ";value;manual", - "left;(Object);;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual", - "right;(Object);;Argument[0];ReturnValue." + right + ";value;manual", - "right;(Object);;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual", - "pushLeft;(Object);;Argument[-1];ReturnValue." + right + ";value;manual", - "pushRight;(Object);;Argument[-1];ReturnValue." + left + ";value;manual", - "pushLeft;(Object);;Argument[0];ReturnValue." + left + ";value;manual", - "pushRight;(Object);;Argument[0];ReturnValue." + right + ";value;manual", - // `nestLeft` Pair.nestLeft(C) -> Pair, B> - "nestLeft;(Object);;Argument[0];ReturnValue." + left + "." + left + ";value;manual", - "nestLeft;(Object);;Argument[-1]." + left + ";ReturnValue." + left + "." + right + - ";value;manual", - "nestLeft;(Object);;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual", - // `nestRight` Pair.nestRight(C) -> Pair> - "nestRight;(Object);;Argument[0];ReturnValue." + right + "." + left + ";value;manual", - "nestRight;(Object);;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual", - "nestRight;(Object);;Argument[-1]." + right + ";ReturnValue." + right + "." + right + - ";value;manual", - // `mapLeft` & `mapRight` map over their respective fields - "mapLeft;;;Argument[-1]." + left + ";Argument[0].Parameter[0];value;manual", - "mapLeft;;;Argument[-1]." + right + ";ReturnValue." + right + ";value;manual", - "mapRight;;;Argument[-1]." + right + ";Argument[0].Parameter[0];value;manual", - "mapRight;;;Argument[-1]." + left + ";ReturnValue." + left + ";value;manual", - "mapLeft;;;Argument[0].ReturnValue;ReturnValue." + left + ";value;manual", - "mapRight;;;Argument[0].ReturnValue;ReturnValue." + right + ";value;manual", - // `map` maps over the `Pair` - "map;;;Argument[-1];Argument[0].Parameter[0];value;manual", - "map;;;Argument[0].ReturnValue;ReturnValue;value;manual" - ] - ) - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll b/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll index 8f619d4a104..079cb44eb5d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll +++ b/java/ql/lib/semmle/code/java/frameworks/ratpack/RatpackExec.qll @@ -7,102 +7,6 @@ private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.FlowSteps private import semmle.code.java.dataflow.ExternalFlow -/** - * Model for Ratpack `Promise` methods. - */ -private class RatpackExecModel extends SummaryModelCsv { - override predicate row(string row) { - //"namespace;type;overrides;name;signature;ext;inputspec;outputspec;kind", - row = - "ratpack.exec;Promise;true;" + - [ - // `Promise` creation methods - "value;;;Argument[0];ReturnValue.Element;value;manual", - "flatten;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual", - "sync;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - // `Promise` value transformation methods - "map;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "map;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - "blockingMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "blockingMap;;;Argument[0].ReturnValue;ReturnValue.Element;value;manual", - "mapError;;;Argument[1].ReturnValue;ReturnValue.Element;value;manual", - // `apply` passes the qualifier to the function as the first argument - "apply;;;Argument[-1].Element;Argument[0].Parameter[0].Element;value;manual", - "apply;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual", - // `Promise` termination method - "then;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - // 'next' accesses qualifier the 'Promise' value and also returns the qualifier - "next;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "nextOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "flatOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - // `nextOpIf` accesses qualifier the 'Promise' value and also returns the qualifier - "nextOpIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "nextOpIf;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual", - // 'cacheIf' accesses qualifier the 'Promise' value and also returns the qualifier - "cacheIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - // 'route' accesses qualifier the 'Promise' value, and conditionally returns the qualifier or - // the result of the second argument - "route;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "route;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual", - "route;;;Argument[-1];ReturnValue;value;manual", - // `flatMap` type methods return their returned `Promise` - "flatMap;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "flatMap;;;Argument[0].ReturnValue.Element;ReturnValue.Element;value;manual", - "flatMapError;;;Argument[1].ReturnValue.Element;ReturnValue.Element;value;manual", - // `blockingOp` passes the value to the argument - "blockingOp;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - // `replace` returns the passed `Promise` - "replace;;;Argument[0].Element;ReturnValue.Element;value;manual", - // `mapIf` methods conditionally map their values, or return themselves - "mapIf;;;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "mapIf;;;Argument[-1].Element;Argument[1].Parameter[0];value;manual", - "mapIf;;;Argument[-1].Element;Argument[2].Parameter[0];value;manual", - "mapIf;;;Argument[1].ReturnValue;ReturnValue.Element;value;manual", - "mapIf;;;Argument[2].ReturnValue;ReturnValue.Element;value;manual", - // `wiretap` wraps the qualifier `Promise` value in a `Result` and passes it to the argument - "wiretap;;;Argument[-1].Element;Argument[0].Parameter[0].Element;value;manual" - ] - or - exists(string left, string right | - left = "Field[ratpack.func.Pair.left]" and - right = "Field[ratpack.func.Pair.right]" - | - row = - "ratpack.exec;Promise;true;" + - [ - // `left`, `right`, `flatLeft`, `flatRight` all pass the qualifier `Promise` element as the other `Pair` field - "left;;;Argument[-1].Element;ReturnValue.Element." + right + ";value;manual", - "right;;;Argument[-1].Element;ReturnValue.Element." + left + ";value;manual", - "flatLeft;;;Argument[-1].Element;ReturnValue.Element." + right + ";value;manual", - "flatRight;;;Argument[-1].Element;ReturnValue.Element." + left + ";value;manual", - // `left` and `right` taking a `Promise` create a `Promise` of the `Pair` - "left;(Promise);;Argument[0].Element;ReturnValue.Element." + left + ";value;manual", - "right;(Promise);;Argument[0].Element;ReturnValue.Element." + right + ";value;manual", - // `left` and `right` taking a `Function` pass the qualifier element then create a `Pair` with the returned value - "left;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "flatLeft;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "right;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "flatRight;(Function);;Argument[-1].Element;Argument[0].Parameter[0];value;manual", - "left;(Function);;Argument[0].ReturnValue;ReturnValue.Element." + left + ";value;manual", - "flatLeft;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element." + left + - ";value;manual", - "right;(Function);;Argument[0].ReturnValue;ReturnValue.Element." + right + - ";value;manual", - "flatRight;(Function);;Argument[0].ReturnValue.Element;ReturnValue.Element." + right + - ";value;manual" - ] - ) - or - row = - "ratpack.exec;Result;true;" + - [ - "success;;;Argument[0];ReturnValue.Element;value;manual", - "getValue;;;Argument[-1].Element;ReturnValue;value;manual", - "getValueOrThrow;;;Argument[-1].Element;ReturnValue;value;manual" - ] - } -} - /** A reference type that extends a parameterization the Promise type. */ private class RatpackPromise extends RefType { RatpackPromise() { diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll index fd3008e5f00..2b09288610e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/Spring.qll @@ -6,14 +6,10 @@ import semmle.code.java.frameworks.spring.SpringAttribute import semmle.code.java.frameworks.spring.SpringAutowire import semmle.code.java.frameworks.spring.SpringBean import semmle.code.java.frameworks.spring.SpringBeanFile -import semmle.code.java.frameworks.spring.SpringBeans import semmle.code.java.frameworks.spring.SpringBeanRefType -import semmle.code.java.frameworks.spring.SpringCache -import semmle.code.java.frameworks.spring.SpringContext import semmle.code.java.frameworks.spring.SpringComponentScan import semmle.code.java.frameworks.spring.SpringConstructorArg import semmle.code.java.frameworks.spring.SpringController -import semmle.code.java.frameworks.spring.SpringData import semmle.code.java.frameworks.spring.SpringDescription import semmle.code.java.frameworks.spring.SpringEntry import semmle.code.java.frameworks.spring.SpringFlex @@ -36,12 +32,7 @@ import semmle.code.java.frameworks.spring.SpringQualifier import semmle.code.java.frameworks.spring.SpringRef import semmle.code.java.frameworks.spring.SpringReplacedMethod import semmle.code.java.frameworks.spring.SpringSet -import semmle.code.java.frameworks.spring.SpringUi -import semmle.code.java.frameworks.spring.SpringUtil -import semmle.code.java.frameworks.spring.SpringValidation import semmle.code.java.frameworks.spring.SpringValue -import semmle.code.java.frameworks.spring.SpringWebMultipart -import semmle.code.java.frameworks.spring.SpringWebUtil import semmle.code.java.frameworks.spring.SpringXMLElement import semmle.code.java.frameworks.spring.metrics.MetricSpringBean import semmle.code.java.frameworks.spring.metrics.MetricSpringBeanFile diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll deleted file mode 100644 index 63671f21855..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringBeans.qll +++ /dev/null @@ -1,48 +0,0 @@ -/** - * Provides classes and predicates for working with Spring classes and interfaces from - * `org.springframework.beans`. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -/** - * Provides models for the `org.springframework.beans` package. - */ -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.beans;PropertyValue;false;PropertyValue;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.beans;PropertyValue;false;PropertyValue;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue);;Argument[0];Argument[-1];value;manual", - "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue,Object);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.beans;PropertyValue;false;PropertyValue;(PropertyValue,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.beans;PropertyValue;false;getName;;;Argument[-1].MapKey;ReturnValue;value;manual", - "org.springframework.beans;PropertyValue;false;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.beans;PropertyValues;true;getPropertyValue;;;Argument[-1].Element;ReturnValue;value;manual", - "org.springframework.beans;PropertyValues;true;getPropertyValues;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(List);;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(Map);;Argument[0].MapKey;Argument[-1].Element.MapKey;value;manual", - "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(Map);;Argument[0].MapValue;Argument[-1].Element.MapValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;MutablePropertyValues;(PropertyValues);;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[0];Argument[-1].Element.MapKey;value;manual", - "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[-1];ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;add;(String,Object);;Argument[1];Argument[-1].Element.MapValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(PropertyValue);;Argument[0];Argument[-1].Element;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(PropertyValue);;Argument[-1];ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(String,Object);;Argument[0];Argument[-1].Element.MapKey;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValue;(String,Object);;Argument[1];Argument[-1].Element.MapValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[0].MapKey;Argument[-1].Element.MapKey;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[0].MapValue;Argument[-1].Element.MapValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(Map);;Argument[-1];ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(PropertyValues);;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.beans;MutablePropertyValues;true;addPropertyValues;(PropertyValues);;Argument[-1];ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;get;;;Argument[-1].Element.MapValue;ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;getPropertyValue;;;Argument[-1].Element;ReturnValue;value;manual", - "org.springframework.beans;MutablePropertyValues;true;getPropertyValueList;;;Argument[-1].Element;ReturnValue.Element;value;manual", - "org.springframework.beans;MutablePropertyValues;true;getPropertyValues;;;Argument[-1].Element;ReturnValue.ArrayElement;value;manual", - "org.springframework.beans;MutablePropertyValues;true;setPropertyValueAt;;;Argument[0];Argument[-1].Element;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll deleted file mode 100644 index 007ce0d9d71..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringCache.qll +++ /dev/null @@ -1,27 +0,0 @@ -/** - * Provides models for the `org.springframework.cache` package. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.cache;Cache$ValueRetrievalException;false;ValueRetrievalException;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.cache;Cache$ValueRetrievalException;false;getKey;;;Argument[-1].MapKey;ReturnValue;value;manual", - "org.springframework.cache;Cache$ValueWrapper;true;get;;;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.cache;Cache;true;get;(Object);;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.cache;Cache;true;get;(Object,Callable);;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.cache;Cache;true;get;(Object,Class);;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.cache;Cache;true;getNativeCache;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.cache;Cache;true;getNativeCache;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.cache;Cache;true;put;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.cache;Cache;true;put;;;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.cache;Cache;true;putIfAbsent;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll deleted file mode 100644 index 3860a5457cd..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringContext.qll +++ /dev/null @@ -1,18 +0,0 @@ -/** - * Provides models for the `org.springframework.context` package. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class StringSummaryCsv extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //`namespace; type; subtypes; name; signature; ext; input; output; kind` - "org.springframework.context;MessageSource;true;getMessage;(String,Object[],String,Locale);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "org.springframework.context;MessageSource;true;getMessage;(String,Object[],String,Locale);;Argument[2];ReturnValue;taint;manual", - "org.springframework.context;MessageSource;true;getMessage;(String,Object[],Locale);;Argument[1].ArrayElement;ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll deleted file mode 100644 index 52c8579b4c7..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringData.qll +++ /dev/null @@ -1,17 +0,0 @@ -/** - * Provides classes and predicates for working with Spring classes and interfaces from - * `org.springframework.data`. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -/** - * Provides models for the `org.springframework.data` package. - */ -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - "org.springframework.data.repository;CrudRepository;true;save;;;Argument[0];ReturnValue;value;manual" - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll index 2114b4fcc75..6f4eedf0f36 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringHttp.qll @@ -43,107 +43,6 @@ class SpringHttpHeaders extends Class { SpringHttpHeaders() { this.hasQualifiedName("org.springframework.http", "HttpHeaders") } } -private class UrlOpenSink extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.http;RequestEntity;false;get;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;post;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;head;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;delete;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;options;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;patch;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;put;;;Argument[0];open-url;manual", - "org.springframework.http;RequestEntity;false;method;;;Argument[1];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(HttpMethod,URI);;Argument[1];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(MultiValueMap,HttpMethod,URI);;Argument[2];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(Object,HttpMethod,URI);;Argument[2];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(Object,HttpMethod,URI,Type);;Argument[2];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(Object,MultiValueMap,HttpMethod,URI);;Argument[3];open-url;manual", - "org.springframework.http;RequestEntity;false;RequestEntity;(Object,MultiValueMap,HttpMethod,URI,Type);;Argument[3];open-url;manual" - ] - } -} - -private class SpringHttpFlowStep extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - //"package;type;overrides;name;signature;ext;inputspec;outputspec;kind", - "org.springframework.http;HttpEntity;true;HttpEntity;(Object);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[1].MapKey;Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;HttpEntity;(Object,MultiValueMap);;Argument[1].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;HttpEntity;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;HttpEntity;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;HttpEntity;true;getBody;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpEntity;true;getHeaders;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,HttpStatus);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[1].MapKey;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,HttpStatus);;Argument[1].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(MultiValueMap,HttpStatus);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(MultiValueMap,HttpStatus);;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[1].MapKey;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;ResponseEntity;(Object,MultiValueMap,int);;Argument[1].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity;true;of;(Optional);;Argument[0].Element;ReturnValue;taint;manual", - "org.springframework.http;ResponseEntity;true;ok;(Object);;Argument[0];ReturnValue;taint;manual", - "org.springframework.http;ResponseEntity;true;created;(URI);;Argument[0];ReturnValue;taint;manual", - "org.springframework.http;ResponseEntity$BodyBuilder;true;contentLength;(long);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$BodyBuilder;true;contentType;(MediaType);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$BodyBuilder;true;body;(Object);;Argument[-1..0];ReturnValue;taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;allow;(HttpMethod[]);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;eTag;(String);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;eTag;(String);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;header;(String,String[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(Consumer);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(HttpHeaders);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;headers;(HttpHeaders);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;lastModified;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;location;(URI);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;location;(URI);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;varyBy;(String[]);;Argument[-1];ReturnValue;value;manual", - "org.springframework.http;ResponseEntity$HeadersBuilder;true;build;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;RequestEntity;true;getUrl;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;HttpHeaders;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;HttpHeaders;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;get;(Object);;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getAccessControlAllowHeaders;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getAccessControlAllowOrigin;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getAccessControlExposeHeaders;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getAccessControlRequestHeaders;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getCacheControl;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getConnection;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getETag;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getETagValuesAsList;(String);;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getFieldValues;(String);;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getFirst;(String);;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getIfMatch;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getIfNoneMatch;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getHost;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getLocation;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getOrEmpty;(Object);;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getOrigin;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getPragma;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getUpgrade;();;Argument[-1];ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;getValuesAsList;(String);;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;getVary;();;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.http;HttpHeaders;true;add;(String,String);;Argument[0..1];Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;set;(String,String);;Argument[0..1];Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;addAll;(MultiValueMap);;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;addAll;(MultiValueMap);;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;addAll;(String,List);;Argument[0];Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;addAll;(String,List);;Argument[1].Element;Argument[-1];taint;manual", - "org.springframework.http;HttpHeaders;true;formatHeaders;(MultiValueMap);;Argument[0].MapKey;ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;formatHeaders;(MultiValueMap);;Argument[0].MapValue.Element;ReturnValue;taint;manual", - "org.springframework.http;HttpHeaders;true;encodeBasicAuth;(String,String,Charset);;Argument[0..1];ReturnValue;taint;manual" - ] - } -} - private predicate specifiesContentType(SpringRequestMappingMethod method) { exists(method.getAProducesExpr()) } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll deleted file mode 100644 index e8ade8aa432..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUi.qll +++ /dev/null @@ -1,46 +0,0 @@ -/** - * Provides models for the `org.springframework.ui` package. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.ui;Model;true;addAllAttributes;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;Model;true;addAllAttributes;(Collection);;Argument[0].Element;Argument[-1].MapValue;value;manual", - "org.springframework.ui;Model;true;addAllAttributes;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.ui;Model;true;addAllAttributes;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "org.springframework.ui;Model;true;addAttribute;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;Model;true;addAttribute;(Object);;Argument[0];Argument[-1].MapValue;value;manual", - "org.springframework.ui;Model;true;addAttribute;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.ui;Model;true;addAttribute;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.ui;Model;true;asMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.ui;Model;true;asMap;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.ui;Model;true;getAttribute;;;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.ui;Model;true;mergeAttributes;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;Model;true;mergeAttributes;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.ui;Model;true;mergeAttributes;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;ModelMap;(Object);;Argument[0];Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;ModelMap;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.ui;ModelMap;false;ModelMap;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;addAllAttributes;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;ModelMap;false;addAllAttributes;(Collection);;Argument[0].Element;Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;addAllAttributes;(Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.ui;ModelMap;false;addAllAttributes;(Map);;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;addAttribute;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;ModelMap;false;addAttribute;(Object);;Argument[0];Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;addAttribute;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.ui;ModelMap;false;addAttribute;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual", - "org.springframework.ui;ModelMap;false;getAttribute;;;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.ui;ModelMap;false;mergeAttributes;;;Argument[0].MapValue;Argument[-1].MapValue;value;manual", - "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(Object);;Argument[0];Argument[-1].MapValue;value;manual", - "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(String,Object);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.ui;ConcurrentModel;false;ConcurrentModel;(String,Object);;Argument[1];Argument[-1].MapValue;value;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll deleted file mode 100644 index 7c78c6b7afc..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringUtil.qll +++ /dev/null @@ -1,153 +0,0 @@ -/** - * Provides models for the `org.springframework.util` package. - */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.util;AntPathMatcher;false;combine;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[1];Argument[3].MapValue;taint;manual", - "org.springframework.util;AntPathMatcher;false;extractPathWithinPattern;;;Argument[1];ReturnValue;taint;manual", - "org.springframework.util;AntPathMatcher;false;extractUriTemplateVariables;;;Argument[1];ReturnValue.MapValue;taint;manual", - "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory);;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,java.lang.Class);;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.util;Base64Utils;false;decode;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;decodeFromString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;decodeFromUrlSafeString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;decodeUrlSafe;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;encode;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;encodeToString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;encodeToUrlSafeString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;Base64Utils;false;encodeUrlSafe;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;CollectionUtils;false;arrayToList;;;Argument[0].ArrayElement;ReturnValue.Element;value;manual", - "org.springframework.util;CollectionUtils;false;findFirstMatch;;;Argument[0].Element;ReturnValue;value;manual", - "org.springframework.util;CollectionUtils;false;findValueOfType;;;Argument[0].Element;ReturnValue;value;manual", - "org.springframework.util;CollectionUtils;false;firstElement;;;Argument[0].Element;ReturnValue;value;manual", - "org.springframework.util;CollectionUtils;false;lastElement;;;Argument[0].Element;ReturnValue;value;manual", - "org.springframework.util;CollectionUtils;false;mergeArrayIntoCollection;;;Argument[0].ArrayElement;Argument[1].Element;value;manual", - "org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;Argument[0].MapKey;Argument[1].MapKey;value;manual", - "org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;Argument[0].MapValue;Argument[1].MapValue;value;manual", - "org.springframework.util;CollectionUtils;false;toArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;CollectionUtils;false;toIterator;;;Argument[0].Element;ReturnValue.Element;value;manual", - "org.springframework.util;CollectionUtils;false;toMultiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;CollectionUtils;false;toMultiValueMap;;;Argument[0].MapValue.Element;ReturnValue.MapValue.Element;value;manual", - "org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;Argument[0].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;Argument[0].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.util;CompositeIterator;false;add;;;Argument[0].Element;Argument[-1].Element;value;manual", - "org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.util;FastByteArrayOutputStream;false;getInputStream;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.util;FastByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.util;FastByteArrayOutputStream;false;write;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.util;FastByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint;manual", - "org.springframework.util;FileCopyUtils;false;copy;;;Argument[0];Argument[1];taint;manual", - "org.springframework.util;FileCopyUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;FileCopyUtils;false;copyToString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;FileSystemUtils;false;copyRecursively;(java.io.File,java.io.File);;Argument[0];Argument[1];taint;manual", - "org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;Argument[-1].MapValue;ReturnValue.MapValue;value;manual", - "org.springframework.util;MultiValueMap;true;add;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;add;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Argument[1].Element;Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;getFirst;;;Argument[-1].MapValue.Element;ReturnValue;value;manual", - "org.springframework.util;MultiValueMap;true;set;;;Argument[0];Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;set;;;Argument[1];Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;setAll;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;setAll;;;Argument[0].MapValue;Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;MultiValueMap;true;toSingleValueMap;;;Argument[-1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.util;MultiValueMap;true;toSingleValueMap;;;Argument[-1].MapValue.Element;ReturnValue.MapValue;value;manual", - "org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Argument[0].MapKey;Argument[-1].MapKey;value;manual", - "org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Argument[0].MapValue.Element;Argument[-1].MapValue.Element;value;manual", - "org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.springframework.util;ObjectUtils;false;toObjectArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;ObjectUtils;false;unwrapOptional;;;Argument[0].Element;ReturnValue;value;manual", - "org.springframework.util;PropertiesPersister;true;load;;;Argument[1];Argument[0];taint;manual", - "org.springframework.util;PropertiesPersister;true;loadFromXml;;;Argument[1];Argument[0];taint;manual", - "org.springframework.util;PropertiesPersister;true;store;;;Argument[0];Argument[1];taint;manual", - "org.springframework.util;PropertiesPersister;true;store;;;Argument[2];Argument[1];taint;manual", - "org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[0];Argument[1];taint;manual", - "org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[2];Argument[1];taint;manual", - "org.springframework.util;PropertyPlaceholderHelper;false;PropertyPlaceholderHelper;;;Argument[0..1];Argument[-1];taint;manual", - "org.springframework.util;PropertyPlaceholderHelper;false;parseStringValue;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;(java.lang.String,java.util.Properties);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.springframework.util;ResourceUtils;false;extractArchiveURL;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;ResourceUtils;false;extractJarFileURL;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;ResourceUtils;false;getFile;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;ResourceUtils;false;getURL;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;ResourceUtils;false;toURI;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;RouteMatcher;true;combine;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[0];ReturnValue.MapKey;taint;manual", - "org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[1];ReturnValue.MapValue;taint;manual", - "org.springframework.util;RouteMatcher;true;parseRoute;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;SerializationUtils;false;deserialize;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;SerializationUtils;false;serialize;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StreamUtils;false;copy;(byte[],java.io.OutputStream);;Argument[0];Argument[1];taint;manual", - "org.springframework.util;StreamUtils;false;copy;(java.io.InputStream,java.io.OutputStream);;Argument[0];Argument[1];taint;manual", - "org.springframework.util;StreamUtils;false;copy;(java.lang.String,java.nio.charset.Charset,java.io.OutputStream);;Argument[0];Argument[2];taint;manual", - "org.springframework.util;StreamUtils;false;copyRange;;;Argument[0];Argument[1];taint;manual", - "org.springframework.util;StreamUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StreamUtils;false;copyToString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;addStringToArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;addStringToArray;;;Argument[1];ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;applyRelativePath;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;arrayToCommaDelimitedString;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[1];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;cleanPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;collectionToCommaDelimitedString;;;Argument[0].Element;ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[0].Element;ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[1..3];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;commaDelimitedListToSet;;;Argument[0];ReturnValue.Element;taint;manual", - "org.springframework.util;StringUtils;false;commaDelimitedListToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;concatenateStringArrays;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;delete;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;deleteAny;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;delimitedListToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;getFilename;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;getFilenameExtension;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;mergeStringArrays;;;Argument[0..1].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;quote;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;quoteIfString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;removeDuplicateStrings;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;replace;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;replace;;;Argument[2];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;sortStringArray;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;split;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;Argument[0].ArrayElement;ReturnValue.MapKey;taint;manual", - "org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;Argument[0].ArrayElement;ReturnValue.MapValue;taint;manual", - "org.springframework.util;StringUtils;false;stripFilenameExtension;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;tokenizeToStringArray;;;Argument[0];ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;toStringArray;;;Argument[0].Element;ReturnValue.ArrayElement;value;manual", - "org.springframework.util;StringUtils;false;trimAllWhitespace;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;trimArrayElements;;;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual", - "org.springframework.util;StringUtils;false;trimLeadingCharacter;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;trimLeadingWhitespace;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;trimTrailingCharacter;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;trimTrailingWhitespace;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;trimWhitespace;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;unqualify;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringUtils;false;uriDecode;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;StringValueResolver;false;resolveStringValue;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.util;SystemPropertyUtils;false;resolvePlaceholders;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll deleted file mode 100644 index 2dcf184de84..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringValidation.qll +++ /dev/null @@ -1,25 +0,0 @@ -/** Definitions of flow steps through utility methods of `org.springframework.validation.Errors`. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class SpringValidationErrorModel extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.validation;Errors;true;addAllErrors;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;getAllErrors;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.validation;Errors;true;getFieldError;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.validation;Errors;true;getFieldErrors;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.validation;Errors;true;getGlobalError;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.validation;Errors;true;getGlobalErrors;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.validation;Errors;true;reject;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;reject;;;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;reject;;;Argument[2];Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;rejectValue;;;Argument[1];Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;rejectValue;;;Argument[3];Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.Object[],java.lang.String);;Argument[2].ArrayElement;Argument[-1];taint;manual", - "org.springframework.validation;Errors;true;rejectValue;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];Argument[-1];taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll index 9744c323e36..955cb9e4131 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebClient.qll @@ -28,26 +28,3 @@ class SpringWebClient extends Interface { this.hasQualifiedName("org.springframework.web.reactive.function.client", "WebClient") } } - -private class UrlOpenSink extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.web.client;RestTemplate;false;delete;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;doExecute;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;exchange;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;execute;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;getForEntity;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;getForObject;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;headForHeaders;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;optionsForAllow;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;patchForObject;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;postForEntity;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;postForLocation;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;postForObject;;;Argument[0];open-url;manual", - "org.springframework.web.client;RestTemplate;false;put;;;Argument[0];open-url;manual", - "org.springframework.web.reactive.function.client;WebClient;false;create;;;Argument[0];open-url;manual", - "org.springframework.web.reactive.function.client;WebClient$Builder;false;baseUrl;;;Argument[0];open-url;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll deleted file mode 100644 index 43acaceda76..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebMultipart.qll +++ /dev/null @@ -1,25 +0,0 @@ -/** Provides models of taint flow in `org.springframework.web.multipart` */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.web.multipart;MultipartFile;true;getBytes;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartFile;true;getInputStream;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartFile;true;getName;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartFile;true;getOriginalFilename;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartFile;true;getResource;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartHttpServletRequest;true;getMultipartHeaders;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartHttpServletRequest;true;getRequestHeaders;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFile;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFileMap;;;Argument[-1];ReturnValue.MapValue;taint;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFileNames;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.web.multipart;MultipartRequest;true;getFiles;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.web.multipart;MultipartRequest;true;getMultiFileMap;;;Argument[-1];ReturnValue.MapValue;taint;manual", - "org.springframework.web.multipart;MultipartResolver;true;resolveMultipart;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll deleted file mode 100644 index 4f855eedbae..00000000000 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringWebUtil.qll +++ /dev/null @@ -1,176 +0,0 @@ -/** Provides models of taint flow in `org.springframework.web.util` */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class FlowSummaries extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "org.springframework.web.util;UriBuilder;true;build;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriBuilder;true;build;(Map);;Argument[0].MapValue;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;build;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriBuilder;true;build;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.web.util;UriBuilder;true;fragment;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;fragment;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;host;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;host;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;path;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;path;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;pathSegment;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;pathSegment;;;Argument[0].ArrayElement;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;port;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;port;(java.lang.String);;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;query;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;query;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParam;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;queryParam;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParam;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParam;(String,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParamIfPresent;;;Argument[1].Element;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;queryParams;;;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replacePath;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;replacePath;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQuery;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;replaceQuery;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParam;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParam;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParam;(String,Collection);;Argument[1].Element;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParam;(String,Object[]);;Argument[1].ArrayElement;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[0].MapKey;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;replaceQueryParams;;;Argument[0].MapValue.Element;Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;scheme;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;scheme;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilder;true;userInfo;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriBuilder;true;userInfo;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriBuilderFactory;true;builder;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriBuilderFactory;true;uriString;;;Argument[-1..0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents$UriTemplateVariables;true;getValue;;;Argument[-1].MapValue;ReturnValue;value;manual", - "org.springframework.web.util;UriTemplateHandler;true;expand;;;Argument[-1..0];ReturnValue;taint;manual", - "org.springframework.web.util;UriTemplateHandler;true;expand;(String,Map);;Argument[1].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriTemplateHandler;true;expand;(String,Object[]);;Argument[1].ArrayElement;ReturnValue;taint;manual", - "org.springframework.web.util;AbstractUriTemplateHandler;true;getBaseUrl;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;AbstractUriTemplateHandler;true;setBaseUrl;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;AbstractUriTemplateHandler;true;setDefaultUriVariables;;;Argument[0];Argument[-1];taint;manual", - // writing to a `Request` or `Response` currently doesn't propagate taint to the object itself. - "org.springframework.web.util;ContentCachingRequestWrapper;false;ContentCachingRequestWrapper;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;ContentCachingRequestWrapper;false;getContentAsByteArray;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;ContentCachingResponseWrapper;false;ContentCachingResponseWrapper;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;ContentCachingResponseWrapper;false;getContentAsByteArray;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;ContentCachingResponseWrapper;false;getContentInputStream;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;DefaultUriBuilderFactory;false;DefaultUriBuilderFactory;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;DefaultUriBuilderFactory;false;builder;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;DefaultUriBuilderFactory;false;getDefaultUriVariables;;;Argument[-1];ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;DefaultUriBuilderFactory;false;setDefaultUriVariables;;;Argument[0].MapValue;Argument[-1];taint;manual", - "org.springframework.web.util;DefaultUriBuilderFactory;false;uriString;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;HtmlUtils;false;htmlEscape;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;HtmlUtils;false;htmlEscapeDecimal;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;HtmlUtils;false;htmlEscapeHex;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;HtmlUtils;false;htmlUnescape;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;ServletContextPropertyUtils;false;resolvePlaceholders;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.web.util;ServletRequestPathUtils;false;getCachedPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;ServletRequestPathUtils;false;getCachedPathValue;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;ServletRequestPathUtils;false;getParsedRequestPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;ServletRequestPathUtils;false;parseAndCache;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;ServletRequestPathUtils;false;setParsedRequestPath;;;Argument[0];Argument[1];taint;manual", - "org.springframework.web.util;UriComponents;false;UriComponents;;;Argument[0..1];Argument[-1];taint;manual", - "org.springframework.web.util;UriComponents;false;copyToUriComponentsBuilder;;;Argument[-1];Argument[0];taint;manual", - "org.springframework.web.util;UriComponents;false;encode;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;expand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;expand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;expand;(UriTemplateVariables);;Argument[0].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getFragment;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getHost;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getPath;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getPathSegments;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getQuery;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getQueryParams;;;Argument[-1];ReturnValue.MapKey;taint;manual", - "org.springframework.web.util;UriComponents;false;getQueryParams;;;Argument[-1];ReturnValue.MapValue.Element;taint;manual", - "org.springframework.web.util;UriComponents;false;getScheme;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getSchemeSpecificPart;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;getUserInfo;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;toUri;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;toUriString;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponents;false;normalize;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;build;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;buildAndExpand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;buildAndExpand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;cloneBuilder;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;encode;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromHttpRequest;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromHttpUrl;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromOriginHeader;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromUri;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;fromUriString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;parseForwardedFor;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;schemeSpecificPart;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;schemeSpecificPart;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;toUriString;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uri;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uri;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uriComponents;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uriComponents;;;Argument[0];Argument[-1];taint;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uriVariables;;;Argument[-1];ReturnValue;value;manual", - "org.springframework.web.util;UriComponentsBuilder;false;uriVariables;;;Argument[0].MapValue;Argument[-1];taint;manual", - "org.springframework.web.util;UriTemplate;false;expand;(Map);;Argument[0].MapValue;ReturnValue;taint;manual", - "org.springframework.web.util;UriTemplate;false;expand;(Object[]);;Argument[0].ArrayElement;ReturnValue;taint;manual", - "org.springframework.web.util;UriTemplate;false;getVariableNames;;;Argument[-1];ReturnValue.Element;taint;manual", - "org.springframework.web.util;UriTemplate;false;match;;;Argument[0];ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;UriTemplate;false;toString;;;Argument[-1];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;decode;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encode;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeAuthority;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeFragment;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeHost;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodePath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodePathSegment;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodePort;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeQuery;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeQueryParam;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeQueryParams;;;Argument[0].MapKey;ReturnValue.MapKey;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeQueryParams;;;Argument[0].MapValue;ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeScheme;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Map);;Argument[0].MapValue;ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Map);;Argument[0].MapKey;ReturnValue.MapKey;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeUriVariables;(Object[]);;Argument[0].ArrayElement;ReturnValue.ArrayElement;taint;manual", - "org.springframework.web.util;UriUtils;false;encodeUserInfo;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UriUtils;false;extractFileExtension;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;decodeMatrixVariables;;;Argument[1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.web.util;UrlPathHelper;false;decodeMatrixVariables;;;Argument[1].MapValue;ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;decodePathVariables;;;Argument[1].MapKey;ReturnValue.MapKey;value;manual", - "org.springframework.web.util;UrlPathHelper;false;decodePathVariables;;;Argument[1].MapValue;ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;decodeRequestString;;;Argument[1];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getContextPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getOriginatingContextPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getOriginatingQueryString;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getOriginatingRequestUri;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getPathWithinApplication;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getPathWithinServletMapping;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getRequestUri;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getResolvedLookupPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;getServletPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;removeSemicolonContent;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;UrlPathHelper;false;resolveAndCacheLookupPath;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;findParameterValue;(Map,String);;Argument[0].MapValue;ReturnValue;value;manual", - "org.springframework.web.util;WebUtils;false;findParameterValue;(ServletRequest,String);;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getCookie;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getNativeRequest;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getNativeResponse;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getParametersStartingWith;;;Argument[0];ReturnValue.MapKey;taint;manual", - "org.springframework.web.util;WebUtils;false;getParametersStartingWith;;;Argument[0];ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getRealPath;;;Argument[0..1];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getRequiredSessionAttribute;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;getSessionAttribute;;;Argument[0];ReturnValue;taint;manual", - "org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];ReturnValue.MapKey;taint;manual", - "org.springframework.web.util;WebUtils;false;parseMatrixVariables;;;Argument[0];ReturnValue.MapValue;taint;manual", - "org.springframework.web.util;WebUtils;false;setSessionAttribute;;;Argument[2];Argument[0];taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll index 8936de5a923..5a913ccdef8 100644 --- a/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll +++ b/java/ql/lib/semmle/code/java/regex/RegexFlowConfigs.qll @@ -6,7 +6,6 @@ import java import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.DataFlow2 -private import RegexFlowModels private import semmle.code.java.security.SecurityTests private class ExploitableStringLiteral extends StringLiteral { diff --git a/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll b/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll deleted file mode 100644 index 20ba2c14dc8..00000000000 --- a/java/ql/lib/semmle/code/java/regex/RegexFlowModels.qll +++ /dev/null @@ -1,38 +0,0 @@ -/** Definitions of data flow steps for determining flow of regular expressions. */ - -import java -import semmle.code.java.dataflow.ExternalFlow - -private class RegexSinkCsv extends SinkModelCsv { - override predicate row(string row) { - row = - [ - //"namespace;type;subtypes;name;signature;ext;input;kind" - "java.util.regex;Matcher;false;matches;();;Argument[-1];regex-use[f];manual", - "java.util.regex;Pattern;false;asMatchPredicate;();;Argument[-1];regex-use[f];manual", - "java.util.regex;Pattern;false;compile;(String);;Argument[0];regex-use[];manual", - "java.util.regex;Pattern;false;compile;(String,int);;Argument[0];regex-use[];manual", - "java.util.regex;Pattern;false;matcher;(CharSequence);;Argument[-1];regex-use[0];manual", - "java.util.regex;Pattern;false;matches;(String,CharSequence);;Argument[0];regex-use[f1];manual", - "java.util.regex;Pattern;false;split;(CharSequence);;Argument[-1];regex-use[0];manual", - "java.util.regex;Pattern;false;split;(CharSequence,int);;Argument[-1];regex-use[0];manual", - "java.util.regex;Pattern;false;splitAsStream;(CharSequence);;Argument[-1];regex-use[0];manual", - "java.util.function;Predicate;false;test;(Object);;Argument[-1];regex-use[0];manual", - "java.lang;String;false;matches;(String);;Argument[0];regex-use[f-1];manual", - "java.lang;String;false;split;(String);;Argument[0];regex-use[-1];manual", - "java.lang;String;false;split;(String,int);;Argument[0];regex-use[-1];manual", - "java.lang;String;false;replaceAll;(String,String);;Argument[0];regex-use[-1];manual", - "java.lang;String;false;replaceFirst;(String,String);;Argument[0];regex-use[-1];manual", - "com.google.common.base;Splitter;false;onPattern;(String);;Argument[0];regex-use[];manual", - "com.google.common.base;Splitter;false;split;(CharSequence);;Argument[-1];regex-use[0];manual", - "com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[-1];regex-use[0];manual", - "com.google.common.base;Splitter$MapSplitter;false;split;(CharSequence);;Argument[-1];regex-use[0];manual", - "org.apache.commons.lang3;RegExUtils;false;removeAll;(String,String);;Argument[1];regex-use;manual", - "org.apache.commons.lang3;RegExUtils;false;removeFirst;(String,String);;Argument[1];regex-use;manual", - "org.apache.commons.lang3;RegExUtils;false;removePattern;(String,String);;Argument[1];regex-use;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceAll;(String,String,String);;Argument[1];regex-use;manual", - "org.apache.commons.lang3;RegExUtils;false;replaceFirst;(String,String,String);;Argument[1];regex-use;manual", - "org.apache.commons.lang3;RegExUtils;false;replacePattern;(String,String,String);;Argument[1];regex-use;manual", - ] - } -} diff --git a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll index 5252bbfa627..993c2941733 100644 --- a/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll +++ b/java/ql/lib/semmle/code/java/security/AndroidIntentRedirection.qll @@ -28,37 +28,6 @@ class IntentRedirectionAdditionalTaintStep extends Unit { abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); } -private class DefaultIntentRedirectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "android.app;Activity;true;bindService;;;Argument[0];intent-start;manual", - "android.app;Activity;true;bindServiceAsUser;;;Argument[0];intent-start;manual", - "android.app;Activity;true;startActivityAsCaller;;;Argument[0];intent-start;manual", - "android.app;Activity;true;startActivityForResult;(Intent,int);;Argument[0];intent-start;manual", - "android.app;Activity;true;startActivityForResult;(Intent,int,Bundle);;Argument[0];intent-start;manual", - "android.app;Activity;true;startActivityForResult;(String,Intent,int,Bundle);;Argument[1];intent-start;manual", - "android.app;Activity;true;startActivityForResultAsUser;;;Argument[0];intent-start;manual", - "android.content;Context;true;startActivities;;;Argument[0];intent-start;manual", - "android.content;Context;true;startActivity;;;Argument[0];intent-start;manual", - "android.content;Context;true;startActivityAsUser;;;Argument[0];intent-start;manual", - "android.content;Context;true;startActivityFromChild;;;Argument[1];intent-start;manual", - "android.content;Context;true;startActivityFromFragment;;;Argument[1];intent-start;manual", - "android.content;Context;true;startActivityIfNeeded;;;Argument[0];intent-start;manual", - "android.content;Context;true;startForegroundService;;;Argument[0];intent-start;manual", - "android.content;Context;true;startService;;;Argument[0];intent-start;manual", - "android.content;Context;true;startServiceAsUser;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendBroadcast;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendBroadcastAsUser;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendBroadcastWithMultiplePermissions;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendStickyBroadcast;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendStickyBroadcastAsUser;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendStickyOrderedBroadcast;;;Argument[0];intent-start;manual", - "android.content;Context;true;sendStickyOrderedBroadcastAsUser;;;Argument[0];intent-start;manual" - ] - } -} - /** Default sink for Intent redirection vulnerabilities. */ private class DefaultIntentRedirectionSink extends IntentRedirectionSink { DefaultIntentRedirectionSink() { sinkNode(this, "intent-start") } diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll index 5b836e4c01f..89cc7ac021b 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageAndroidFilesystemQuery.qll @@ -7,7 +7,6 @@ import java import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.security.CleartextStorageQuery -import semmle.code.java.security.Files import semmle.code.xml.AndroidManifest private class AndroidFilesystemCleartextStorageSink extends CleartextStorageSink { diff --git a/java/ql/lib/semmle/code/java/security/Files.qll b/java/ql/lib/semmle/code/java/security/Files.qll deleted file mode 100644 index 52ea86bc5b7..00000000000 --- a/java/ql/lib/semmle/code/java/security/Files.qll +++ /dev/null @@ -1,100 +0,0 @@ -/** Provides classes and predicates to work with File objects. */ - -import java -private import semmle.code.java.dataflow.ExternalFlow - -private class CreateFileSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "java.io;FileOutputStream;false;FileOutputStream;;;Argument[0];create-file;manual", - "java.io;RandomAccessFile;false;RandomAccessFile;;;Argument[0];create-file;manual", - "java.io;FileWriter;false;FileWriter;;;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(File);;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(File,String);;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(File,Charset);;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(String);;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(String,String);;Argument[0];create-file;manual", - "java.io;PrintStream;false;PrintStream;(String,Charset);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(File);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(File,String);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(File,Charset);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(String);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(String,String);;Argument[0];create-file;manual", - "java.io;PrintWriter;false;PrintWriter;(String,Charset);;Argument[0];create-file;manual", - "java.nio.file;Files;false;copy;;;Argument[1];create-file;manual", - "java.nio.file;Files;false;createDirectories;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createDirectory;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createFile;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createLink;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createSymbolicLink;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createTempDirectory;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;createTempFile;(Path,String,String,FileAttribute[]);;Argument[0];create-file;manual", - "java.nio.file;Files;false;move;;;Argument[1];create-file;manual", - "java.nio.file;Files;false;newBufferedWriter;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;newOutputStream;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;write;;;Argument[0];create-file;manual", - "java.nio.file;Files;false;writeString;;;Argument[0];create-file;manual" - ] - } -} - -private class WriteFileSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "java.io;FileOutputStream;false;write;;;Argument[0];write-file;manual", - "java.io;RandomAccessFile;false;write;;;Argument[0];write-file;manual", - "java.io;RandomAccessFile;false;writeBytes;;;Argument[0];write-file;manual", - "java.io;RandomAccessFile;false;writeChars;;;Argument[0];write-file;manual", - "java.io;RandomAccessFile;false;writeUTF;;;Argument[0];write-file;manual", - "java.io;Writer;true;append;;;Argument[0];write-file;manual", - "java.io;Writer;true;write;;;Argument[0];write-file;manual", - "java.io;PrintStream;true;append;;;Argument[0];write-file;manual", - "java.io;PrintStream;true;format;(String,Object[]);;Argument[0..1];write-file;manual", - "java.io;PrintStream;true;format;(Locale,String,Object[]);;Argument[1..2];write-file;manual", - "java.io;PrintStream;true;print;;;Argument[0];write-file;manual", - "java.io;PrintStream;true;printf;(String,Object[]);;Argument[0..1];write-file;manual", - "java.io;PrintStream;true;printf;(Locale,String,Object[]);;Argument[1..2];write-file;manual", - "java.io;PrintStream;true;println;;;Argument[0];write-file;manual", - "java.io;PrintStream;true;write;;;Argument[0];write-file;manual", - "java.io;PrintStream;true;writeBytes;;;Argument[0];write-file;manual", - "java.io;PrintWriter;false;format;(String,Object[]);;Argument[0..1];write-file;manual", - "java.io;PrintWriter;false;format;(Locale,String,Object[]);;Argument[1..2];write-file;manual", - "java.io;PrintWriter;false;print;;;Argument[0];write-file;manual", - "java.io;PrintWriter;false;printf;(String,Object[]);;Argument[0..1];write-file;manual", - "java.io;PrintWriter;false;printf;(Locale,String,Object[]);;Argument[1..2];write-file;manual", - "java.io;PrintWriter;false;println;;;Argument[0];write-file;manual", - "java.nio.file;Files;false;write;;;Argument[1];write-file;manual", - "java.nio.file;Files;false;writeString;;;Argument[1];write-file;manual" - ] - } -} - -private class FileSummaryModels extends SummaryModelCsv { - override predicate row(string row) { - row = - [ - "java.io;File;false;File;;;Argument[0];Argument[-1];taint;manual", - "java.io;File;false;File;;;Argument[1];Argument[-1];taint;manual", - "java.io;File;true;getAbsoluteFile;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getCanonicalFile;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;getCanonicalPath;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;toPath;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.io;File;true;toURI;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;getParent;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;normalize;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;resolve;;;Argument[-1..0];ReturnValue;taint;manual", - "java.nio.file;Path;true;toAbsolutePath;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;toString;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Path;true;toUri;;;Argument[-1];ReturnValue;taint;manual", - "java.nio.file;Paths;true;get;;;Argument[0];ReturnValue;taint;manual", - "java.nio.file;Paths;true;get;;;Argument[1].ArrayElement;ReturnValue;taint;manual", - "java.nio.file;FileSystem;true;getPath;;;Argument[0];ReturnValue;taint;manual", - "java.nio.file;FileSystem;true;getRootDirectories;;;Argument[0];ReturnValue;taint;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll index 78cc2690bec..046993f6658 100644 --- a/java/ql/lib/semmle/code/java/security/FragmentInjection.qll +++ b/java/ql/lib/semmle/code/java/security/FragmentInjection.qll @@ -43,22 +43,6 @@ class FragmentInjectionAdditionalTaintStep extends Unit { abstract predicate step(DataFlow::Node n1, DataFlow::Node n2); } -private class FragmentInjectionSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - ["android.app", "android.support.v4.app", "androidx.fragment.app"] + - ";FragmentTransaction;true;" + - [ - "add;(Class,Bundle,String);;Argument[0]", "add;(Fragment,String);;Argument[0]", - "add;(int,Class,Bundle);;Argument[1]", "add;(int,Fragment);;Argument[1]", - "add;(int,Class,Bundle,String);;Argument[1]", "add;(int,Fragment,String);;Argument[1]", - "attach;(Fragment);;Argument[0]", "replace;(int,Class,Bundle);;Argument[1]", - "replace;(int,Fragment);;Argument[1]", "replace;(int,Class,Bundle,String);;Argument[1]", - "replace;(int,Fragment,String);;Argument[1]", - ] + ";fragment-injection;manual" - } -} - private class DefaultFragmentInjectionSink extends FragmentInjectionSink { DefaultFragmentInjectionSink() { sinkNode(this, "fragment-injection") } } diff --git a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll index b735e28cd32..54ea8afce91 100644 --- a/java/ql/lib/semmle/code/java/security/GroovyInjection.qll +++ b/java/ql/lib/semmle/code/java/security/GroovyInjection.qll @@ -24,47 +24,6 @@ private class DefaultGroovyInjectionSink extends GroovyInjectionSink { DefaultGroovyInjectionSink() { sinkNode(this, "groovy") } } -private class DefaultGroovyInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - // Signatures are specified to exclude sinks of the type `File` - "groovy.lang;GroovyShell;false;evaluate;(GroovyCodeSource);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(Reader);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(Reader,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(String,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(String,String,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;evaluate;(URI);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;parse;(Reader);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;parse;(Reader,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;parse;(String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;parse;(String,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;parse;(URI);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,String[]);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,List);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(Reader,String,String[]);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(Reader,String,List);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(String,String,String[]);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(String,String,List);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(URI,String[]);;Argument[0];groovy;manual", - "groovy.lang;GroovyShell;false;run;(URI,List);;Argument[0];groovy;manual", - "groovy.util;Eval;false;me;(String);;Argument[0];groovy;manual", - "groovy.util;Eval;false;me;(String,Object,String);;Argument[2];groovy;manual", - "groovy.util;Eval;false;x;(Object,String);;Argument[1];groovy;manual", - "groovy.util;Eval;false;xy;(Object,Object,String);;Argument[2];groovy;manual", - "groovy.util;Eval;false;xyz;(Object,Object,Object,String);;Argument[3];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource);;Argument[0];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource,boolean);;Argument[0];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(InputStream,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(Reader,String);;Argument[0];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(String);;Argument[0];groovy;manual", - "groovy.lang;GroovyClassLoader;false;parseClass;(String,String);;Argument[0];groovy;manual", - "org.codehaus.groovy.control;CompilationUnit;false;compile;;;Argument[-1];groovy;manual" - ] - } -} - /** A set of additional taint steps to consider when taint tracking Groovy related data flows. */ private class DefaultGroovyInjectionAdditionalTaintStep extends GroovyInjectionAdditionalTaintStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { diff --git a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll index bbfafc2d9c4..308b8037554 100644 --- a/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll +++ b/java/ql/lib/semmle/code/java/security/ImplicitPendingIntents.qll @@ -94,39 +94,6 @@ private class MutablePendingIntentFlowStep extends ImplicitPendingIntentAddition } } -private class PendingIntentSentSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "androidx.slice;SliceProvider;true;onBindSlice;;;ReturnValue;pending-intent-sent;manual", - "androidx.slice;SliceProvider;true;onCreatePermissionRequest;;;ReturnValue;pending-intent-sent;manual", - "android.app;NotificationManager;true;notify;(int,Notification);;Argument[1];pending-intent-sent;manual", - "android.app;NotificationManager;true;notify;(String,int,Notification);;Argument[2];pending-intent-sent;manual", - "android.app;NotificationManager;true;notifyAsPackage;(String,String,int,Notification);;Argument[3];pending-intent-sent;manual", - "android.app;NotificationManager;true;notifyAsUser;(String,int,Notification,UserHandle);;Argument[2];pending-intent-sent;manual", - "androidx.core.app;NotificationManagerCompat;true;notify;(int,Notification);;Argument[1];pending-intent-sent;manual", - "androidx.core.app;NotificationManagerCompat;true;notify;(String,int,Notification);;Argument[2];pending-intent-sent;manual", - "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String,Bundle);;Argument[2];pending-intent-sent;manual", - "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler,String);;Argument[2];pending-intent-sent;manual", - "android.app;PendingIntent;false;send;(Context,int,Intent,OnFinished,Handler);;Argument[2];pending-intent-sent;manual", - "android.app;PendingIntent;false;send;(Context,int,Intent);;Argument[2];pending-intent-sent;manual", - "android.app;Activity;true;setResult;(int,Intent);;Argument[1];pending-intent-sent;manual", - "android.app;AlarmManager;true;set;(int,long,PendingIntent);;Argument[2];pending-intent-sent;manual", - "android.app;AlarmManager;true;setAlarmClock;;;Argument[1];pending-intent-sent;manual", - "android.app;AlarmManager;true;setAndAllowWhileIdle;;;Argument[2];pending-intent-sent;manual", - "android.app;AlarmManager;true;setExact;(int,long,PendingIntent);;Argument[2];pending-intent-sent;manual", - "android.app;AlarmManager;true;setExactAndAllowWhileIdle;;;Argument[2];pending-intent-sent;manual", - "android.app;AlarmManager;true;setInexactRepeating;;;Argument[3];pending-intent-sent;manual", - "android.app;AlarmManager;true;setRepeating;;;Argument[3];pending-intent-sent;manual", - "android.app;AlarmManager;true;setWindow;(int,long,long,PendingIntent);;Argument[3];pending-intent-sent;manual", - "androidx.core.app;AlarmManagerCompat;true;setAlarmClock;;;Argument[2..3];pending-intent-sent;manual", - "androidx.core.app;AlarmManagerCompat;true;setAndAllowWhileIdle;;;Argument[3];pending-intent-sent;manual", - "androidx.core.app;AlarmManagerCompat;true;setExact;;;Argument[3];pending-intent-sent;manual", - "androidx.core.app;AlarmManagerCompat;true;setExactAndAllowWhileIdle;;;Argument[3];pending-intent-sent;manual", - ] - } -} - /** * Holds if taint can flow from `source` to `sink` in one local step, * including bitwise operations. diff --git a/java/ql/lib/semmle/code/java/security/InformationLeak.qll b/java/ql/lib/semmle/code/java/security/InformationLeak.qll index c3a4d0d286c..8fe7d215165 100644 --- a/java/ql/lib/semmle/code/java/security/InformationLeak.qll +++ b/java/ql/lib/semmle/code/java/security/InformationLeak.qll @@ -5,14 +5,6 @@ import semmle.code.java.dataflow.DataFlow private import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.security.XSS -/** CSV sink models representing methods not susceptible to XSS but outputing to an HTTP response body. */ -private class DefaultInformationLeakSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - "javax.servlet.http;HttpServletResponse;false;sendError;(int,String);;Argument[1];information-leak;manual" - } -} - /** A sink that represent a method that outputs data to an HTTP response. */ abstract class InformationLeakSink extends DataFlow::Node { } diff --git a/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll b/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll deleted file mode 100644 index ed722c2f18a..00000000000 --- a/java/ql/lib/semmle/code/java/security/JexlInjectionSinkModels.qll +++ /dev/null @@ -1,43 +0,0 @@ -/** Provides sink models relating to Expression Language (JEXL) injection vulnerabilities. */ - -private import semmle.code.java.dataflow.ExternalFlow - -private class DefaultJexlInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - // JEXL2 - "org.apache.commons.jexl2;JexlEngine;false;getProperty;(JexlContext,Object,String);;Argument[2];jexl;manual", - "org.apache.commons.jexl2;JexlEngine;false;getProperty;(Object,String);;Argument[1];jexl;manual", - "org.apache.commons.jexl2;JexlEngine;false;setProperty;(JexlContext,Object,String,Object);;Argument[2];jexl;manual", - "org.apache.commons.jexl2;JexlEngine;false;setProperty;(Object,String,Object);;Argument[1];jexl;manual", - "org.apache.commons.jexl2;Expression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;Expression;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;JexlExpression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;JexlExpression;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;Script;false;execute;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;Script;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;JexlScript;false;execute;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;JexlScript;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;UnifiedJEXL$Expression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;UnifiedJEXL$Expression;false;prepare;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl2;UnifiedJEXL$Template;false;evaluate;;;Argument[-1];jexl;manual", - // JEXL3 - "org.apache.commons.jexl3;JexlEngine;false;getProperty;(JexlContext,Object,String);;Argument[2];jexl;manual", - "org.apache.commons.jexl3;JexlEngine;false;getProperty;(Object,String);;Argument[1];jexl;manual", - "org.apache.commons.jexl3;JexlEngine;false;setProperty;(JexlContext,Object,String);;Argument[2];jexl;manual", - "org.apache.commons.jexl3;JexlEngine;false;setProperty;(Object,String,Object);;Argument[1];jexl;manual", - "org.apache.commons.jexl3;Expression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;Expression;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JexlExpression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JexlExpression;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;Script;false;execute;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;Script;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JexlScript;false;execute;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JexlScript;false;callable;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JxltEngine$Expression;false;evaluate;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JxltEngine$Expression;false;prepare;;;Argument[-1];jexl;manual", - "org.apache.commons.jexl3;JxltEngine$Template;false;evaluate;;;Argument[-1];jexl;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/security/JndiInjection.qll b/java/ql/lib/semmle/code/java/security/JndiInjection.qll index 9dca731af80..cacf725cc99 100644 --- a/java/ql/lib/semmle/code/java/security/JndiInjection.qll +++ b/java/ql/lib/semmle/code/java/security/JndiInjection.qll @@ -72,62 +72,6 @@ private class ProviderUrlJndiInjectionSink extends JndiInjectionSink, DataFlow:: } } -/** CSV sink models representing methods susceptible to JNDI injection attacks. */ -private class DefaultJndiInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.naming;Context;true;lookup;;;Argument[0];jndi-injection;manual", - "javax.naming;Context;true;lookupLink;;;Argument[0];jndi-injection;manual", - "javax.naming;Context;true;rename;;;Argument[0];jndi-injection;manual", - "javax.naming;Context;true;list;;;Argument[0];jndi-injection;manual", - "javax.naming;Context;true;listBindings;;;Argument[0];jndi-injection;manual", - "javax.naming;InitialContext;true;doLookup;;;Argument[0];jndi-injection;manual", - "javax.management.remote;JMXConnector;true;connect;;;Argument[-1];jndi-injection;manual", - "javax.management.remote;JMXConnectorFactory;false;connect;;;Argument[0];jndi-injection;manual", - // Spring - "org.springframework.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection;manual", - // spring-ldap 1.2.x and newer - "org.springframework.ldap.core;LdapOperations;true;lookup;(Name);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookup;(String);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookup;(String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookup;(String,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;findByDn;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;rename;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;list;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;listBindings;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,int,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(Name,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(String,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(String,String,int,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;search;(String,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;searchForObject;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap.core;LdapOperations;true;searchForObject;(String,String,ContextMapper);;Argument[0];jndi-injection;manual", - // spring-ldap 1.1.x - "org.springframework.ldap;LdapOperations;true;lookup;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;findByDn;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;rename;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;list;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;listBindings;;;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(Name,String,int,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(Name,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(String,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(String,String,int,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;search;(String,String,int,String[],ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;searchForObject;(Name,String,ContextMapper);;Argument[0];jndi-injection;manual", - "org.springframework.ldap;LdapOperations;true;searchForObject;(String,String,ContextMapper);;Argument[0];jndi-injection;manual", - // Shiro - "org.apache.shiro.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection;manual" - ] - } -} - /** A set of additional taint steps to consider when taint tracking JNDI injection related data flows. */ private class DefaultJndiInjectionAdditionalTaintStep extends JndiInjectionAdditionalTaintStep { override predicate step(DataFlow::Node node1, DataFlow::Node node2) { diff --git a/java/ql/lib/semmle/code/java/security/LdapInjection.qll b/java/ql/lib/semmle/code/java/security/LdapInjection.qll index 35c59279f4e..d78bd2f7ae1 100644 --- a/java/ql/lib/semmle/code/java/security/LdapInjection.qll +++ b/java/ql/lib/semmle/code/java/security/LdapInjection.qll @@ -32,53 +32,6 @@ private class DefaultLdapInjectionSink extends LdapInjectionSink { DefaultLdapInjectionSink() { sinkNode(this, "ldap") } } -private class DefaultLdapInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - // jndi - "javax.naming.directory;DirContext;true;search;;;Argument[0..1];ldap;manual", - // apache - "org.apache.directory.ldap.client.api;LdapConnection;true;search;;;Argument[0..2];ldap;manual", - // UnboundID: search - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(ReadOnlySearchRequest);;Argument[0];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchRequest);;Argument[0];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[]);;Argument[0..7];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,DereferencePolicy,int,int,boolean,String,String[]);;Argument[0..7];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,Filter,String[]);;Argument[0..3];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(SearchResultListener,String,SearchScope,String,String[]);;Argument[0..3];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,DereferencePolicy,int,int,boolean,Filter,String[]);;Argument[0..6];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,DereferencePolicy,int,int,boolean,String,String[]);;Argument[0..6];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,Filter,String[]);;Argument[0..2];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;search;(String,SearchScope,String,String[]);;Argument[0..2];ldap;manual", - // UnboundID: searchForEntry - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(ReadOnlySearchRequest);;Argument[0];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(SearchRequest);;Argument[0];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,DereferencePolicy,int,boolean,Filter,String[]);;Argument[0..5];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,DereferencePolicy,int,boolean,String,String[]);;Argument[0..5];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,Filter,String[]);;Argument[0..2];ldap;manual", - "com.unboundid.ldap.sdk;LDAPConnection;false;searchForEntry;(String,SearchScope,String,String[]);;Argument[0..2];ldap;manual", - // UnboundID: asyncSearch - "com.unboundid.ldap.sdk;LDAPConnection;false;asyncSearch;;;Argument[0];ldap;manual", - // Spring - "org.springframework.ldap.core;LdapTemplate;false;find;;;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;findOne;;;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;search;;;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;searchForContext;;;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;searchForObject;;;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(LdapQuery,String);;Argument[0];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticatedLdapEntryContextCallback);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(Name,String,String,AuthenticationErrorCallback);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticatedLdapEntryContextCallback);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticatedLdapEntryContextCallback,AuthenticationErrorCallback);;Argument[0..1];ldap;manual", - "org.springframework.ldap.core;LdapTemplate;false;authenticate;(String,String,String,AuthenticationErrorCallback);;Argument[0..1];ldap;manual" - ] - } -} - /** A sanitizer that clears the taint on (boxed) primitive types. */ private class DefaultLdapSanitizer extends LdapInjectionSanitizer { DefaultLdapSanitizer() { diff --git a/java/ql/lib/semmle/code/java/security/MvelInjection.qll b/java/ql/lib/semmle/code/java/security/MvelInjection.qll index 167b21edae6..a0ada3d91a1 100644 --- a/java/ql/lib/semmle/code/java/security/MvelInjection.qll +++ b/java/ql/lib/semmle/code/java/security/MvelInjection.qll @@ -28,31 +28,6 @@ private class DefaultMvelEvaluationSink extends MvelEvaluationSink { DefaultMvelEvaluationSink() { sinkNode(this, "mvel") } } -private class DefaulMvelEvaluationSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.script;CompiledScript;false;eval;;;Argument[-1];mvel;manual", - "org.mvel2;MVEL;false;eval;;;Argument[0];mvel;manual", - "org.mvel2;MVEL;false;executeExpression;;;Argument[0];mvel;manual", - "org.mvel2;MVEL;false;evalToBoolean;;;Argument[0];mvel;manual", - "org.mvel2;MVEL;false;evalToString;;;Argument[0];mvel;manual", - "org.mvel2;MVEL;false;executeAllExpression;;;Argument[0];mvel;manual", - "org.mvel2;MVEL;false;executeSetExpression;;;Argument[0];mvel;manual", - "org.mvel2;MVELRuntime;false;execute;;;Argument[1];mvel;manual", - "org.mvel2.templates;TemplateRuntime;false;eval;;;Argument[0];mvel;manual", - "org.mvel2.templates;TemplateRuntime;false;execute;;;Argument[0];mvel;manual", - "org.mvel2.jsr223;MvelScriptEngine;false;eval;;;Argument[0];mvel;manual", - "org.mvel2.jsr223;MvelScriptEngine;false;evaluate;;;Argument[0];mvel;manual", - "org.mvel2.jsr223;MvelCompiledScript;false;eval;;;Argument[-1];mvel;manual", - "org.mvel2.compiler;ExecutableStatement;false;getValue;;;Argument[-1];mvel;manual", - "org.mvel2.compiler;CompiledExpression;false;getDirectValue;;;Argument[-1];mvel;manual", - "org.mvel2.compiler;CompiledAccExpression;false;getValue;;;Argument[-1];mvel;manual", - "org.mvel2.compiler;Accessor;false;getValue;;;Argument[-1];mvel;manual" - ] - } -} - /** A default sanitizer that considers numeric and boolean typed data safe for building MVEL expressions */ private class DefaultMvelInjectionSanitizer extends MvelInjectionSanitizer { DefaultMvelInjectionSanitizer() { diff --git a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll index 1ebede55b78..aa10de4d3c1 100644 --- a/java/ql/lib/semmle/code/java/security/OgnlInjection.qll +++ b/java/ql/lib/semmle/code/java/security/OgnlInjection.qll @@ -25,29 +25,6 @@ class OgnlInjectionAdditionalTaintStep extends Unit { abstract predicate step(DataFlow::Node node1, DataFlow::Node node2); } -private class DefaultOgnlInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "org.apache.commons.ognl;Ognl;false;getValue;;;Argument[0];ognl-injection;manual", - "org.apache.commons.ognl;Ognl;false;setValue;;;Argument[0];ognl-injection;manual", - "org.apache.commons.ognl;Node;true;getValue;;;Argument[-1];ognl-injection;manual", - "org.apache.commons.ognl;Node;true;setValue;;;Argument[-1];ognl-injection;manual", - "org.apache.commons.ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection;manual", - "org.apache.commons.ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection;manual", - "ognl;Ognl;false;getValue;;;Argument[0];ognl-injection;manual", - "ognl;Ognl;false;setValue;;;Argument[0];ognl-injection;manual", - "ognl;Node;false;getValue;;;Argument[-1];ognl-injection;manual", - "ognl;Node;false;setValue;;;Argument[-1];ognl-injection;manual", - "ognl.enhance;ExpressionAccessor;true;get;;;Argument[-1];ognl-injection;manual", - "ognl.enhance;ExpressionAccessor;true;set;;;Argument[-1];ognl-injection;manual", - "com.opensymphony.xwork2.ognl;OgnlUtil;false;getValue;;;Argument[0];ognl-injection;manual", - "com.opensymphony.xwork2.ognl;OgnlUtil;false;setValue;;;Argument[0];ognl-injection;manual", - "com.opensymphony.xwork2.ognl;OgnlUtil;false;callMethod;;;Argument[0];ognl-injection;manual" - ] - } -} - private class DefaultOgnlInjectionSink extends OgnlInjectionSink { DefaultOgnlInjectionSink() { sinkNode(this, "ognl-injection") } } diff --git a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll index d59e6c877c3..e99b8d363ff 100644 --- a/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll +++ b/java/ql/lib/semmle/code/java/security/ResponseSplitting.qll @@ -14,18 +14,6 @@ private class DefaultHeaderSplittingSink extends HeaderSplittingSink { DefaultHeaderSplittingSink() { sinkNode(this, "header-splitting") } } -private class HeaderSplittingSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.servlet.http;HttpServletResponse;false;addCookie;;;Argument[0];header-splitting;manual", - "javax.servlet.http;HttpServletResponse;false;addHeader;;;Argument[0..1];header-splitting;manual", - "javax.servlet.http;HttpServletResponse;false;setHeader;;;Argument[0..1];header-splitting;manual", - "javax.ws.rs.core;ResponseBuilder;false;header;;;Argument[1];header-splitting;manual" - ] - } -} - /** A source that introduces data considered safe to use by a header splitting source. */ abstract class SafeHeaderSplittingSource extends DataFlow::Node { SafeHeaderSplittingSource() { this instanceof RemoteFlowSource } diff --git a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll index 079ef551bb3..ce2bd9d217d 100644 --- a/java/ql/lib/semmle/code/java/security/TemplateInjection.qll +++ b/java/ql/lib/semmle/code/java/security/TemplateInjection.qll @@ -76,33 +76,3 @@ private class DefaultTemplateInjectionSanitizer extends TemplateInjectionSanitiz this.getType() instanceof NumericType } } - -private class TemplateInjectionSinkModels extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "freemarker.template;Template;true;Template;(String,Reader);;Argument[1];ssti;manual", - "freemarker.template;Template;true;Template;(String,Reader,Configuration);;Argument[1];ssti;manual", - "freemarker.template;Template;true;Template;(String,Reader,Configuration,String);;Argument[1];ssti;manual", - "freemarker.template;Template;true;Template;(String,String,Reader,Configuration);;Argument[2];ssti;manual", - "freemarker.template;Template;true;Template;(String,String,Reader,Configuration,String);;Argument[2];ssti;manual", - "freemarker.template;Template;true;Template;(String,String,Reader,Configuration,ParserConfiguration,String);;Argument[2];ssti;manual", - "freemarker.template;Template;true;Template;(String,String,Configuration);;Argument[1];ssti;manual", - "freemarker.cache;StringTemplateLoader;true;putTemplate;;;Argument[1];ssti;manual", - "com.mitchellbosecke.pebble;PebbleEngine;true;getTemplate;;;Argument[0];ssti;manual", - "com.mitchellbosecke.pebble;PebbleEngine;true;getLiteralTemplate;;;Argument[0];ssti;manual", - "com.hubspot.jinjava;Jinjava;true;renderForResult;;;Argument[0];ssti;manual", - "com.hubspot.jinjava;Jinjava;true;render;;;Argument[0];ssti;manual", - "org.thymeleaf;ITemplateEngine;true;process;;;Argument[0];ssti;manual", - "org.thymeleaf;ITemplateEngine;true;processThrottled;;;Argument[0];ssti;manual", - "org.apache.velocity.app;Velocity;true;evaluate;;;Argument[3];ssti;manual", - "org.apache.velocity.app;Velocity;true;mergeTemplate;;;Argument[2];ssti;manual", - "org.apache.velocity.app;VelocityEngine;true;evaluate;;;Argument[3];ssti;manual", - "org.apache.velocity.app;VelocityEngine;true;mergeTemplate;;;Argument[2];ssti;manual", - "org.apache.velocity.runtime.resource.util;StringResourceRepository;true;putStringResource;;;Argument[1];ssti;manual", - "org.apache.velocity.runtime;RuntimeServices;true;evaluate;;;Argument[3];ssti;manual", - "org.apache.velocity.runtime;RuntimeServices;true;parse;;;Argument[0];ssti;manual", - "org.apache.velocity.runtime;RuntimeSingleton;true;parse;;;Argument[0];ssti;manual" - ] - } -} diff --git a/java/ql/lib/semmle/code/java/security/XPath.qll b/java/ql/lib/semmle/code/java/security/XPath.qll index 2122093a05c..c8b1077990d 100644 --- a/java/ql/lib/semmle/code/java/security/XPath.qll +++ b/java/ql/lib/semmle/code/java/security/XPath.qll @@ -10,38 +10,6 @@ private import semmle.code.java.dataflow.ExternalFlow */ abstract class XPathInjectionSink extends DataFlow::Node { } -/** CSV sink models representing methods susceptible to XPath Injection attacks. */ -private class DefaultXPathInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.xml.xpath;XPath;true;evaluate;;;Argument[0];xpath;manual", - "javax.xml.xpath;XPath;true;evaluateExpression;;;Argument[0];xpath;manual", - "javax.xml.xpath;XPath;true;compile;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;selectObject;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;selectNodes;;;Argument[0..1];xpath;manual", - "org.dom4j;Node;true;selectSingleNode;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;numberValueOf;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;valueOf;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;matches;;;Argument[0];xpath;manual", - "org.dom4j;Node;true;createXPath;;;Argument[0];xpath;manual", - "org.dom4j;DocumentFactory;true;createPattern;;;Argument[0];xpath;manual", - "org.dom4j;DocumentFactory;true;createXPath;;;Argument[0];xpath;manual", - "org.dom4j;DocumentFactory;true;createXPathFilter;;;Argument[0];xpath;manual", - "org.dom4j;DocumentHelper;false;createPattern;;;Argument[0];xpath;manual", - "org.dom4j;DocumentHelper;false;createXPath;;;Argument[0];xpath;manual", - "org.dom4j;DocumentHelper;false;createXPathFilter;;;Argument[0];xpath;manual", - "org.dom4j;DocumentHelper;false;selectNodes;;;Argument[0];xpath;manual", - "org.dom4j;DocumentHelper;false;sort;;;Argument[1];xpath;manual", - "org.dom4j.tree;AbstractNode;true;createXPathFilter;;;Argument[0];xpath;manual", - "org.dom4j.tree;AbstractNode;true;createPattern;;;Argument[0];xpath;manual", - "org.dom4j.util;ProxyDocumentFactory;true;createPattern;;;Argument[0];xpath;manual", - "org.dom4j.util;ProxyDocumentFactory;true;createXPath;;;Argument[0];xpath;manual", - "org.dom4j.util;ProxyDocumentFactory;true;createXPathFilter;;;Argument[0];xpath;manual" - ] - } -} - /** A default sink representing methods susceptible to XPath Injection attacks. */ private class DefaultXPathInjectionSink extends XPathInjectionSink { DefaultXPathInjectionSink() { diff --git a/java/ql/lib/semmle/code/java/security/XsltInjection.qll b/java/ql/lib/semmle/code/java/security/XsltInjection.qll index 570a7575af3..f6953a09539 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll @@ -15,20 +15,6 @@ private class DefaultXsltInjectionSink extends XsltInjectionSink { DefaultXsltInjectionSink() { sinkNode(this, "xslt") } } -private class DefaultXsltInjectionSinkModel extends SinkModelCsv { - override predicate row(string row) { - row = - [ - "javax.xml.transform;Transformer;false;transform;;;Argument[-1];xslt;manual", - "net.sf.saxon.s9api;XsltTransformer;false;transform;;;Argument[-1];xslt;manual", - "net.sf.saxon.s9api;Xslt30Transformer;false;transform;;;Argument[-1];xslt;manual", - "net.sf.saxon.s9api;Xslt30Transformer;false;applyTemplates;;;Argument[-1];xslt;manual", - "net.sf.saxon.s9api;Xslt30Transformer;false;callFunction;;;Argument[-1];xslt;manual", - "net.sf.saxon.s9api;Xslt30Transformer;false;callTemplate;;;Argument[-1];xslt;manual" - ] - } -} - /** * A unit class for adding additional taint steps. * diff --git a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll index 3c1e2e98229..7b96ad6e198 100644 --- a/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll +++ b/java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll @@ -2,8 +2,8 @@ import java private import semmle.code.java.dataflow.DataFlow +private import semmle.code.java.dataflow.ExternalFlow private import semmle.code.java.frameworks.Regex -private import semmle.code.java.regex.RegexFlowModels /** A data flow sink for untrusted user input used to construct regular expressions. */ abstract class RegexInjectionSink extends DataFlow::ExprNode { }