rm VerificationMethodFlowConfig, use springframework-5.2.3 stub

This commit is contained in:
haby0
2021-04-15 10:25:40 +08:00
parent 77208bcc91
commit b3bdf89fc2
40 changed files with 346 additions and 866 deletions


@@ -105,52 +105,9 @@ public class JsonpInjection {
return resultStr;
}
@GetMapping(value = "jsonp8")
@ResponseBody
public String bad8(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token); //Just check.
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@GetMapping(value = "jsonp9")
@ResponseBody
public String good1(HttpServletRequest request) {
String resultStr = null;
String referer = request.getParameter("referer");
if (verifReferer(referer)){
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
return "error";
}
@GetMapping(value = "jsonp10")
@ResponseBody
public String good2(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token);
if (result){
return "";
}
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@RequestMapping(value = "jsonp11")
@ResponseBody
public String good3(HttpServletRequest request) {
public String good1(HttpServletRequest request) {
JSONObject parameterObj = readToJSONObect(request);
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
@@ -161,7 +118,7 @@ public class JsonpInjection {
@RequestMapping(value = "jsonp12")
@ResponseBody
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
public String good2(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
if(null == file){
return "upload file error";
}
@@ -201,18 +158,4 @@ public class JsonpInjection {
public static String getJsonStr(Object result) {
return JSONObject.toJSONString(result);
}
public static boolean verifToken(String token){
if (token != "xxxx"){
return false;
}
return true;
}
public static boolean verifReferer(String str){
if (str != "xxxx"){
return false;
}
return true;
}
}
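Review bot: In the `@@ -105,52 +105,9` hunk the renamed `good1` handler's only difference from the `bad*` handlers is that `readToJSONObect(request)` consumes the request body and the resulting `parameterObj` is never used, yet nothing in the sample says that this is what makes it "good"; a reader of the qhelp sample will see an unused variable, not a mitigation. I would add, above that call, `// good: the handler consumes the request body, so it is not reachable by a plain cross-origin <script> GET`. Note also that `@RequestMapping(value = "jsonp11")` carries no `method` restriction, so the endpoint still answers GET and the classification rests entirely on the body read, which is worth stating in the same comment. The `good1` body continues past the hunk's last line, and the identical hunk in the JsonpController.java test section below has the same gap.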


@@ -14,10 +14,9 @@ When there is a cross-domain problem, this could lead to information leakage.</p
</recommendation>
<example>
<p>The following examples show the bad case and the good case respectively. Bad cases, such as <code>bad1</code> to <code>bad8</code>,
<p>The following examples show the bad case and the good case respectively. Bad cases, such as <code>bad1</code> to <code>bad7</code>,
will cause information leakage when there are cross-domain problems. In a good case, for example, in the <code>good1</code>
method and the <code>good2</code> method, using the <code>verifToken</code> method to do random <code>token</code> verification
solves the problem of information leakage even in the presence of cross-domain access issues.</p>
method and the <code>good2</code> method, When these two methods process the request, there must be a request body in the request, which does not meet the conditions of Jsonp injection.</p>
<sample src="JsonpInjection.java" />


@@ -7,62 +7,11 @@ import semmle.code.java.dataflow.DataFlow3
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.frameworks.spring.SpringController
/** A data flow configuration tracing flow from the result of a method whose name includes token/auth/referer/origin to an if-statement condition. */
class VerificationMethodToIfFlowConfig extends DataFlow3::Configuration {
VerificationMethodToIfFlowConfig() { this = "VerificationMethodToIfFlowConfig" }
override predicate isSource(DataFlow::Node src) {
exists(MethodAccess ma | ma instanceof BarrierGuard |
(
ma.getMethod().getAParameter().getName().regexpMatch("(?i).*(token|auth|referer|origin).*")
or
ma.getMethod().getName().regexpMatch("(?i).*(token|auth|referer|origin).*")
) and
ma = src.asExpr()
)
}
override predicate isSink(DataFlow::Node sink) {
exists(IfStmt is | is.getCondition() = sink.asExpr())
}
}
/**
* Taint-tracking configuration tracing flow from untrusted inputs to an argument of a function whose result is used as an if-statement condition.
*
* For example, in the context `String userControlled = request.getHeader("xyz"); boolean isGood = checkToken(userControlled); if(isGood) { ...`,
* the flow from `checkToken`'s result to the condition of `if(isGood)` matches the configuration `VerificationMethodToIfFlowConfig` above,
* and so the flow from `getHeader(...)` to the argument to `checkToken` matches this configuration.
*/
class VerificationMethodFlowConfig extends TaintTracking2::Configuration {
VerificationMethodFlowConfig() { this = "VerificationMethodFlowConfig" }
override predicate isSource(DataFlow::Node src) { src instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) {
exists(MethodAccess ma, int i, VerificationMethodToIfFlowConfig vmtifc |
ma instanceof BarrierGuard
|
(
ma.getMethod().getParameter(i).getName().regexpMatch("(?i).*(token|auth|referer|origin).*")
or
ma.getMethod().getName().regexpMatch("(?i).*(token|auth|referer|origin).*")
) and
ma.getArgument(i) = sink.asExpr() and
vmtifc.hasFlow(exprNode(ma), _)
)
}
}
/**
* A method that is called to handle an HTTP GET request.
*/
abstract class RequestGetMethod extends Method {
RequestGetMethod() {
not exists(DataFlow::Node source, DataFlow::Node sink, VerificationMethodFlowConfig vmfc |
vmfc.hasFlow(source, sink) and
any(this).polyCalls*(source.getEnclosingCallable())
) and
not exists(MethodAccess ma |
ma.getMethod() instanceof ServletRequestGetBodyMethod and
any(this).polyCalls*(ma.getEnclosingCallable())
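Review bot: The doc comment on `RequestGetMethod` still reads only "A method that is called to handle an HTTP GET request", but after this hunk the class's characteristic predicate excludes any method that transitively calls a `ServletRequestGetBodyMethod`, so the comment no longer describes what the class selects. I would change it to `/** A method that handles an HTTP GET request and does not (transitively) read the request body; a handler that needs a body is not reachable via a cross-origin script load, so it is out of scope for this query. */`, matching the rationale this commit put in the qhelp. With `VerificationMethodToIfFlowConfig` removed, the `import semmle.code.java.dataflow.DataFlow3` shown in the hunk header is probably now unused, unless something outside the hunk still references it; worth checking before merge. The `RequestGetMethod` constructor continues beyond the hunk's last line.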


@@ -105,52 +105,9 @@ public class JsonpController {
return resultStr;
}
@GetMapping(value = "jsonp8")
@ResponseBody
public String bad8(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token); //Just check.
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@GetMapping(value = "jsonp9")
@ResponseBody
public String good1(HttpServletRequest request) {
String resultStr = null;
String referer = request.getParameter("referer");
if (verifReferer(referer)){
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
return "error";
}
@GetMapping(value = "jsonp10")
@ResponseBody
public String good2(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token);
if (result){
return "";
}
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@RequestMapping(value = "jsonp11")
@ResponseBody
public String good3(HttpServletRequest request) {
public String good1(HttpServletRequest request) {
JSONObject parameterObj = readToJSONObect(request);
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
@@ -161,7 +118,7 @@ public class JsonpController {
@RequestMapping(value = "jsonp12")
@ResponseBody
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
public String good2(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
if(null == file){
return "upload file error";
}
@@ -201,18 +158,4 @@ public class JsonpController {
public static String getJsonStr(Object result) {
return JSONObject.toJSONString(result);
}
public static boolean verifToken(String token){
if (token != "xxxx"){
return false;
}
return true;
}
public static boolean verifReferer(String str){
if (str != "xxxx"){
return false;
}
return true;
}
}


@@ -13,12 +13,8 @@ edges
| JsonpController.java:93:21:93:54 | ... + ... : String | JsonpController.java:94:20:94:28 | resultStr |
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr |
| JsonpController.java:104:21:104:54 | ... + ... : String | JsonpController.java:105:16:105:24 | resultStr |
| JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr |
| JsonpController.java:116:21:116:55 | ... + ... : String | JsonpController.java:117:16:117:24 | resultStr |
| JsonpController.java:129:25:129:59 | ... + ... : String | JsonpController.java:130:20:130:28 | resultStr |
| JsonpController.java:147:21:147:55 | ... + ... : String | JsonpController.java:148:16:148:24 | resultStr |
| JsonpController.java:158:21:158:54 | ... + ... : String | JsonpController.java:159:16:159:24 | resultStr |
| JsonpController.java:173:21:173:54 | ... + ... : String | JsonpController.java:174:16:174:24 | resultStr |
| JsonpController.java:115:21:115:54 | ... + ... : String | JsonpController.java:116:16:116:24 | resultStr |
| JsonpController.java:130:21:130:54 | ... + ... : String | JsonpController.java:131:16:131:24 | resultStr |
nodes
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:36:21:36:54 | ... + ... : String | semmle.label | ... + ... : String |
@@ -48,18 +44,10 @@ nodes
| JsonpController.java:104:21:104:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:114:32:114:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:116:21:116:55 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:129:25:129:59 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:147:21:147:55 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:158:21:158:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:159:16:159:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:173:21:173:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:174:16:174:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:115:21:115:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:116:16:116:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:130:21:130:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:131:16:131:24 | resultStr | semmle.label | resultStr |
#select
| JsonpController.java:37:16:37:24 | resultStr | JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:33:32:33:68 | getParameter(...) | this user input |
| JsonpController.java:46:16:46:24 | resultStr | JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:44:32:44:68 | getParameter(...) | this user input |
@@ -68,4 +56,3 @@ nodes
| JsonpController.java:80:20:80:28 | resultStr | JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:73:32:73:68 | getParameter(...) | this user input |
| JsonpController.java:94:20:94:28 | resultStr | JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:87:32:87:68 | getParameter(...) | this user input |
| JsonpController.java:105:16:105:24 | resultStr | JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:101:32:101:68 | getParameter(...) | this user input |
| JsonpController.java:117:16:117:24 | resultStr | JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:114:32:114:68 | getParameter(...) | this user input |


@@ -1 +0,0 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../../stubs/gson-2.8.6/:${testdir}/../../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../../stubs/spring-context-5.3.2/:${testdir}/../../../../../stubs/spring-web-5.3.2/:${testdir}/../../../../../stubs/spring-core-5.3.2/:${testdir}/../../../../../stubs/tomcat-embed-core-9.0.41/


@@ -1,218 +0,0 @@
import com.alibaba.fastjson.JSONObject;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.google.gson.Gson;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.multipart.MultipartFile;
@Controller
public class JsonpController {
private static HashMap hashMap = new HashMap();
static {
hashMap.put("username","admin");
hashMap.put("password","123456");
}
@GetMapping(value = "jsonp1")
@ResponseBody
public String bad1(HttpServletRequest request) {
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
Gson gson = new Gson();
String result = gson.toJson(hashMap);
resultStr = jsonpCallback + "(" + result + ")";
return resultStr;
}
@GetMapping(value = "jsonp2")
@ResponseBody
public String bad2(HttpServletRequest request) {
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
resultStr = jsonpCallback + "(" + JSONObject.toJSONString(hashMap) + ")";
return resultStr;
}
@GetMapping(value = "jsonp3")
@ResponseBody
public String bad3(HttpServletRequest request) {
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@GetMapping(value = "jsonp4")
@ResponseBody
public String bad4(HttpServletRequest request) {
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
String restr = JSONObject.toJSONString(hashMap);
resultStr = jsonpCallback + "(" + restr + ");";
return resultStr;
}
@GetMapping(value = "jsonp5")
@ResponseBody
public void bad5(HttpServletRequest request,
HttpServletResponse response) throws Exception {
String jsonpCallback = request.getParameter("jsonpCallback");
PrintWriter pw = null;
Gson gson = new Gson();
String result = gson.toJson(hashMap);
String resultStr = null;
pw = response.getWriter();
resultStr = jsonpCallback + "(" + result + ")";
pw.println(resultStr);
}
@GetMapping(value = "jsonp6")
@ResponseBody
public void bad6(HttpServletRequest request,
HttpServletResponse response) throws Exception {
String jsonpCallback = request.getParameter("jsonpCallback");
PrintWriter pw = null;
ObjectMapper mapper = new ObjectMapper();
String result = mapper.writeValueAsString(hashMap);
String resultStr = null;
pw = response.getWriter();
resultStr = jsonpCallback + "(" + result + ")";
pw.println(resultStr);
}
@RequestMapping(value = "jsonp7", method = RequestMethod.GET)
@ResponseBody
public String bad7(HttpServletRequest request) {
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
Gson gson = new Gson();
String result = gson.toJson(hashMap);
resultStr = jsonpCallback + "(" + result + ")";
return resultStr;
}
@GetMapping(value = "jsonp8")
@ResponseBody
public String bad8(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token); //Just check.
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@GetMapping(value = "jsonp9")
@ResponseBody
public String good1(HttpServletRequest request) {
String resultStr = null;
String referer = request.getParameter("referer");
if (verifReferer(referer)){
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
return "error";
}
@GetMapping(value = "jsonp10")
@ResponseBody
public String good2(HttpServletRequest request) {
String resultStr = null;
String token = request.getParameter("token");
boolean result = verifToken(token);
if (result){
return "";
}
String jsonpCallback = request.getParameter("jsonpCallback");
String jsonStr = getJsonStr(hashMap);
resultStr = jsonpCallback + "(" + jsonStr + ")";
return resultStr;
}
@RequestMapping(value = "jsonp11")
@ResponseBody
public String good3(HttpServletRequest request) {
JSONObject parameterObj = readToJSONObect(request);
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
String restr = JSONObject.toJSONString(hashMap);
resultStr = jsonpCallback + "(" + restr + ");";
return resultStr;
}
@RequestMapping(value = "jsonp12")
@ResponseBody
public String good4(@RequestParam("file") MultipartFile file,HttpServletRequest request) {
if(null == file){
return "upload file error";
}
String fileName = file.getOriginalFilename();
System.out.println("file operations");
String resultStr = null;
String jsonpCallback = request.getParameter("jsonpCallback");
String restr = JSONObject.toJSONString(hashMap);
resultStr = jsonpCallback + "(" + restr + ");";
return resultStr;
}
public static JSONObject readToJSONObect(HttpServletRequest request){
String jsonText = readPostContent(request);
JSONObject jsonObj = JSONObject.parseObject(jsonText, JSONObject.class);
return jsonObj;
}
public static String readPostContent(HttpServletRequest request){
BufferedReader in= null;
String content = null;
String line = null;
try {
in = new BufferedReader(new InputStreamReader(request.getInputStream(),"UTF-8"));
StringBuilder buf = new StringBuilder();
while ((line = in.readLine()) != null) {
buf.append(line);
}
content = buf.toString();
} catch (IOException e) {
e.printStackTrace();
}
String uri = request.getRequestURI();
return content;
}
public static String getJsonStr(Object result) {
return JSONObject.toJSONString(result);
}
public static boolean verifToken(String token){
if (token != "xxxx"){
return false;
}
return true;
}
public static boolean verifReferer(String str){
if (str != "xxxx"){
return false;
}
return true;
}
}


@@ -1,81 +0,0 @@
edges
| JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr |
| JsonpController.java:36:21:36:54 | ... + ... : String | JsonpController.java:37:16:37:24 | resultStr |
| JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr |
| JsonpController.java:45:21:45:80 | ... + ... : String | JsonpController.java:46:16:46:24 | resultStr |
| JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr |
| JsonpController.java:55:21:55:55 | ... + ... : String | JsonpController.java:56:16:56:24 | resultStr |
| JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr |
| JsonpController.java:65:21:65:54 | ... + ... : String | JsonpController.java:66:16:66:24 | resultStr |
| JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr |
| JsonpController.java:79:21:79:54 | ... + ... : String | JsonpController.java:80:20:80:28 | resultStr |
| JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr |
| JsonpController.java:93:21:93:54 | ... + ... : String | JsonpController.java:94:20:94:28 | resultStr |
| JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr |
| JsonpController.java:104:21:104:54 | ... + ... : String | JsonpController.java:105:16:105:24 | resultStr |
| JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr |
| JsonpController.java:116:21:116:55 | ... + ... : String | JsonpController.java:117:16:117:24 | resultStr |
| JsonpController.java:129:25:129:59 | ... + ... : String | JsonpController.java:130:20:130:28 | resultStr |
| JsonpController.java:147:21:147:55 | ... + ... : String | JsonpController.java:148:16:148:24 | resultStr |
| JsonpController.java:158:21:158:54 | ... + ... : String | JsonpController.java:159:16:159:24 | resultStr |
| JsonpController.java:173:21:173:54 | ... + ... : String | JsonpController.java:174:16:174:24 | resultStr |
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | JsonpInjectionServlet1.java:45:24:45:32 | resultStr |
| JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
| JsonpInjectionServlet2.java:38:21:38:54 | ... + ... : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr |
nodes
| JsonpController.java:33:32:33:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:36:21:36:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:37:16:37:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:44:32:44:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:45:21:45:80 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:46:16:46:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:53:32:53:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:55:21:55:55 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:56:16:56:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:63:32:63:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:65:21:65:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:66:16:66:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:73:32:73:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:79:21:79:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:80:20:80:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:87:32:87:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:93:21:93:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:94:20:94:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:101:32:101:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:104:21:104:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:105:16:105:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:114:32:114:68 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpController.java:116:21:116:55 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:117:16:117:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:129:25:129:59 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:130:20:130:28 | resultStr | semmle.label | resultStr |
| JsonpController.java:147:21:147:55 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:148:16:148:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:158:21:158:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:159:16:159:24 | resultStr | semmle.label | resultStr |
| JsonpController.java:173:21:173:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpController.java:174:16:174:24 | resultStr | semmle.label | resultStr |
| JsonpInjectionServlet1.java:44:25:44:62 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpInjectionServlet1.java:45:24:45:32 | resultStr | semmle.label | resultStr |
| JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| JsonpInjectionServlet2.java:38:21:38:54 | ... + ... : String | semmle.label | ... + ... : String |
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | semmle.label | resultStr |
#select
| JsonpController.java:37:16:37:24 | resultStr | JsonpController.java:33:32:33:68 | getParameter(...) : String | JsonpController.java:37:16:37:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:33:32:33:68 | getParameter(...) | this user input |
| JsonpController.java:46:16:46:24 | resultStr | JsonpController.java:44:32:44:68 | getParameter(...) : String | JsonpController.java:46:16:46:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:44:32:44:68 | getParameter(...) | this user input |
| JsonpController.java:56:16:56:24 | resultStr | JsonpController.java:53:32:53:68 | getParameter(...) : String | JsonpController.java:56:16:56:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:53:32:53:68 | getParameter(...) | this user input |
| JsonpController.java:66:16:66:24 | resultStr | JsonpController.java:63:32:63:68 | getParameter(...) : String | JsonpController.java:66:16:66:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:63:32:63:68 | getParameter(...) | this user input |
| JsonpController.java:80:20:80:28 | resultStr | JsonpController.java:73:32:73:68 | getParameter(...) : String | JsonpController.java:80:20:80:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:73:32:73:68 | getParameter(...) | this user input |
| JsonpController.java:94:20:94:28 | resultStr | JsonpController.java:87:32:87:68 | getParameter(...) : String | JsonpController.java:94:20:94:28 | resultStr | Jsonp response might include code from $@. | JsonpController.java:87:32:87:68 | getParameter(...) | this user input |
| JsonpController.java:105:16:105:24 | resultStr | JsonpController.java:101:32:101:68 | getParameter(...) : String | JsonpController.java:105:16:105:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:101:32:101:68 | getParameter(...) | this user input |
| JsonpController.java:117:16:117:24 | resultStr | JsonpController.java:114:32:114:68 | getParameter(...) : String | JsonpController.java:117:16:117:24 | resultStr | Jsonp response might include code from $@. | JsonpController.java:114:32:114:68 | getParameter(...) | this user input |
| JsonpInjectionServlet2.java:39:20:39:28 | resultStr | JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) : String | JsonpInjectionServlet2.java:39:20:39:28 | resultStr | Jsonp response might include code from $@. | JsonpInjectionServlet2.java:31:32:31:64 | getParameter(...) | this user input |


@@ -1 +0,0 @@
experimental/Security/CWE/CWE-352/JsonpInjection.ql


@@ -1,64 +0,0 @@
import com.google.gson.Gson;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class JsonpInjectionServlet1 extends HttpServlet {
private static HashMap hashMap = new HashMap();
static {
hashMap.put("username","admin");
hashMap.put("password","123456");
}
private static final long serialVersionUID = 1L;
private String key = "test";
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("application/json");
String jsonpCallback = req.getParameter("jsonpCallback");
PrintWriter pw = null;
Gson gson = new Gson();
String jsonResult = gson.toJson(hashMap);
String referer = req.getHeader("Referer");
boolean result = verifReferer(referer);
// good
if (result){
String resultStr = null;
pw = resp.getWriter();
resultStr = jsonpCallback + "(" + jsonResult + ")";
pw.println(resultStr);
pw.flush();
}
}
public static boolean verifReferer(String referer){
if (!referer.startsWith("http://test.com/")){
return false;
}
return true;
}
@Override
public void init(ServletConfig config) throws ServletException {
this.key = config.getInitParameter("key");
System.out.println("初始化" + this.key);
super.init(config);
}
}


@@ -1,50 +0,0 @@
import com.google.gson.Gson;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.HashMap;
import javax.servlet.ServletConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class JsonpInjectionServlet2 extends HttpServlet {
private static HashMap hashMap = new HashMap();
static {
hashMap.put("username","admin");
hashMap.put("password","123456");
}
private static final long serialVersionUID = 1L;
private String key = "test";
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
doPost(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
resp.setContentType("application/json");
String jsonpCallback = req.getParameter("jsonpCallback");
PrintWriter pw = null;
Gson gson = new Gson();
String result = gson.toJson(hashMap);
String resultStr = null;
pw = resp.getWriter();
resultStr = jsonpCallback + "(" + result + ")";
pw.println(resultStr);
pw.flush();
}
@Override
public void init(ServletConfig config) throws ServletException {
this.key = config.getInitParameter("key");
System.out.println("初始化" + this.key);
super.init(config);
}
}


@@ -1 +0,0 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../../stubs/gson-2.8.6/:${testdir}/../../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../../stubs/spring-context-5.3.2/:${testdir}/../../../../../stubs/spring-web-5.3.2/:${testdir}/../../../../../stubs/spring-core-5.3.2/:${testdir}/../../../../../stubs/tomcat-embed-core-9.0.41/


@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../stubs/springframework-5.2.3/
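Review bot: The rewritten classpath no longer carries a `tomcat-embed-core` stub, which the line it replaces (L679) listed last, while the Spring entries are collapsed into the single `springframework-5.2.3/` directory. The deleted servlet examples only touch `javax.servlet` types, so they would not have needed it, but if any remaining test source in this directory references Tomcat-specific classes (e.g. `org.apache.catalina`) the extractor will fail to compile that file rather than surface a query failure, so a quick grep before merging is worthwhile. The relative depth also changes from five `..` segments to four, which presumably reflects the test directory moving up one level in this commit; confirm the new path resolves from the file's new location.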


@@ -1,14 +0,0 @@
package org.springframework.stereotype;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Controller {
String value() default "";
}


@@ -1,8 +0,0 @@
package org.springframework.core.io;
import java.io.IOException;
import java.io.InputStream;
public interface InputStreamSource {
InputStream getInputStream() throws IOException;
}


@@ -1,46 +0,0 @@
package org.springframework.core.io;
import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URL;
import java.nio.channels.Channels;
import java.nio.channels.ReadableByteChannel;
import org.springframework.lang.Nullable;
public interface Resource extends InputStreamSource {
boolean exists();
default boolean isReadable() {
return this.exists();
}
default boolean isOpen() {
return false;
}
default boolean isFile() {
return false;
}
URL getURL() throws IOException;
URI getURI() throws IOException;
File getFile() throws IOException;
default ReadableByteChannel readableChannel() throws IOException {
return null;
}
long contentLength() throws IOException;
long lastModified() throws IOException;
Resource createRelative(String var1) throws IOException;
@Nullable
String getFilename();
String getDescription();
}


@@ -1,13 +0,0 @@
package org.springframework.lang;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.PARAMETER, ElementType.FIELD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface Nullable {
}


@@ -1,53 +0,0 @@
package org.springframework.util;
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.Closeable;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.io.Reader;
import java.io.StringWriter;
import java.io.Writer;
import java.nio.file.Files;
import org.springframework.lang.Nullable;
public abstract class FileCopyUtils {
public static final int BUFFER_SIZE = 4096;
public FileCopyUtils() {
}
public static int copy(File in, File out) throws IOException {
return 1;
}
public static void copy(byte[] in, File out) throws IOException {}
public static byte[] copyToByteArray(File in) throws IOException {
return null;
}
public static int copy(InputStream in, OutputStream out) throws IOException {
return 1;
}
public static void copy(byte[] in, OutputStream out) throws IOException {}
public static byte[] copyToByteArray(@Nullable InputStream in) throws IOException {
return null;
}
public static int copy(Reader in, Writer out) throws IOException {
return 1;
}
public static void copy(String in, Writer out) throws IOException {}
public static String copyToString(@Nullable Reader in) throws IOException {
return null;
}
private static void close(Closeable closeable) {}
}


@@ -1,8 +0,0 @@
package org.springframework.util;
public abstract class StringUtils {
public static boolean isEmpty(Object str) {
return str == null || "".equals(str);
}
}


@@ -1,32 +0,0 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
@Target({ElementType.TYPE, ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Mapping
public @interface RequestMapping {
String name() default "";
@AliasFor("path")
String[] value() default {};
@AliasFor("value")
String[] path() default {};
RequestMethod[] method() default {};
String[] params() default {};
String[] headers() default {};
String[] consumes() default {};
String[] produces() default {};
}


@@ -1,15 +0,0 @@
package org.springframework.web.bind.annotation;
public enum RequestMethod {
GET,
HEAD,
POST,
PUT,
PATCH,
DELETE,
OPTIONS,
TRACE;
private RequestMethod() {
}
}


@@ -1,23 +0,0 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
@Target({ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RequestParam {
@AliasFor("name")
String value() default "";
@AliasFor("value")
String name() default "";
boolean required() default true;
String defaultValue() default "\n\t\t\n\t\t\n\ue000\ue001\ue002\n\t\t\t\t\n";
}


@@ -1,38 +0,0 @@
package org.springframework.web.multipart;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import org.springframework.core.io.InputStreamSource;
import org.springframework.core.io.Resource;
import org.springframework.lang.Nullable;
import org.springframework.util.FileCopyUtils;
public interface MultipartFile extends InputStreamSource {
String getName();
@Nullable
String getOriginalFilename();
@Nullable
String getContentType();
boolean isEmpty();
long getSize();
byte[] getBytes() throws IOException;
InputStream getInputStream() throws IOException;
default Resource getResource() {
return null;
}
void transferTo(File var1) throws IOException, IllegalStateException;
default void transferTo(Path dest) throws IOException, IllegalStateException {
}
}



@@ -0,0 +1,10 @@
package org.springframework.boot;
import java.lang.annotation.ElementType;
import java.lang.annotation.Target;
import org.springframework.context.annotation.Configuration;
@Target(ElementType.TYPE)
@Configuration
public @interface SpringBootConfiguration {}
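Review bot: `SpringBootConfiguration` is declared with `@Target` only, omitting the `@Retention(RetentionPolicy.RUNTIME)` and `@Documented` that the rebuilt `Controller` (L992) and `RequestParam` (L1231) stubs in this same commit carry; the same applies to `SpringBootApplication` (L938), `Bean` (L949) and `Configuration` (L958). Without an explicit policy the stub defaults to `CLASS` retention, which differs from the real Spring annotations and could matter if a query or test ever inspects retention. For consistency add `import java.lang.annotation.Retention;`, `import java.lang.annotation.RetentionPolicy;` and `@Retention(RetentionPolicy.RUNTIME)` to each of these stubs.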


@@ -0,0 +1,12 @@
package org.springframework.boot.autoconfigure;
import java.lang.annotation.Target;
import java.lang.annotation.ElementType;
import java.lang.annotation.Inherited;
import org.springframework.boot.SpringBootConfiguration;
@Target(ElementType.TYPE)
@Inherited
@SpringBootConfiguration
public @interface SpringBootApplication {}


@@ -0,0 +1,10 @@
package org.springframework.context.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Target;
@Target({ElementType.METHOD, ElementType.ANNOTATION_TYPE})
public @interface Bean {
String[] name() default {};
}


@@ -0,0 +1,7 @@
package org.springframework.context.annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Target;
@Target(ElementType.TYPE)
public @interface Configuration {}


@@ -0,0 +1,8 @@
package org.springframework.remoting.httpinvoker;
public class HttpInvokerServiceExporter extends org.springframework.remoting.rmi.RemoteInvocationSerializingExporter {
public void setService(Object service) {}
public void setServiceInterface(Class clazz) {}
}
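Review bot: `setServiceInterface(Class clazz)` at L966 uses a raw `Class`, whereas the real Spring signature is `public void setServiceInterface(Class<?> serviceInterface)`; the erasure is identical, so a query matching on the erased signature still resolves, but the raw type produces compiler warnings and the name `clazz` says nothing about the argument. Changing the line to `public void setServiceInterface(Class<?> serviceInterface) {}` keeps the stub faithful to the API it imitates. A one-line comment naming the query this stub was added for would also help whoever later has to decide whether it can be trimmed or removed.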


@@ -0,0 +1,3 @@
package org.springframework.remoting.rmi;
public abstract class RemoteInvocationSerializingExporter {}


@@ -1,9 +1,15 @@
package org.springframework.stereotype;
import java.lang.annotation.*;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
@Target(value=ElementType.TYPE)
@Retention(value=RetentionPolicy.RUNTIME)
@Target({ElementType.TYPE})
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Component
public @interface Controller { }
public @interface Controller {
String value() default "";
}


@@ -0,0 +1,202 @@
package org.springframework.util;
import java.lang.reflect.Array;
import java.util.Arrays;
import java.util.Collection;
import java.util.Map;
import java.util.Optional;
import java.util.StringJoiner;
import org.springframework.lang.Nullable;
public abstract class ObjectUtils {
private static final int INITIAL_HASH = 7;
private static final int MULTIPLIER = 31;
private static final String EMPTY_STRING = "";
private static final String NULL_STRING = "null";
private static final String ARRAY_START = "{";
private static final String ARRAY_END = "}";
private static final String EMPTY_ARRAY = "{}";
private static final String ARRAY_ELEMENT_SEPARATOR = ", ";
private static final Object[] EMPTY_OBJECT_ARRAY = new Object[0];
public ObjectUtils() {
}
public static boolean isCheckedException(Throwable ex) {
return false;
}
public static boolean isCompatibleWithThrowsClause(Throwable ex, @Nullable Class<?>... declaredExceptions) {
return false;
}
public static boolean isArray(@Nullable Object obj) {
return false;
}
public static boolean isEmpty(@Nullable Object[] array) {
return false;
}
public static boolean isEmpty(@Nullable Object obj) {
return false;
}
@Nullable
public static Object unwrapOptional(@Nullable Object obj) {
return null;
}
public static boolean containsElement(@Nullable Object[] array, Object element) {
return true;
}
public static boolean containsConstant(Enum<?>[] enumValues, String constant) {
return true;
}
public static boolean containsConstant(Enum<?>[] enumValues, String constant, boolean caseSensitive) {
return true;
}
public static <E extends Enum<?>> E caseInsensitiveValueOf(E[] enumValues, String constant) {
return null;
}
public static <A, O extends A> A[] addObjectToArray(@Nullable A[] array, @Nullable O obj) {
return null;
}
public static Object[] toObjectArray(@Nullable Object source) {
return null;
}
public static boolean nullSafeEquals(@Nullable Object o1, @Nullable Object o2) {
return false;
}
private static boolean arrayEquals(Object o1, Object o2) {
return false;
}
public static int nullSafeHashCode(@Nullable Object obj) {
return 1;
}
public static int nullSafeHashCode(@Nullable Object[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable boolean[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable byte[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable char[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable double[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable float[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable int[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable long[] array) {
return 1;
}
public static int nullSafeHashCode(@Nullable short[] array) {
return 1;
}
/** @deprecated */
@Deprecated
public static int hashCode(boolean bool) {
return 1;
}
/** @deprecated */
@Deprecated
public static int hashCode(double dbl) {
return 1;
}
/** @deprecated */
@Deprecated
public static int hashCode(float flt) {
return 1;
}
/** @deprecated */
@Deprecated
public static int hashCode(long lng) {
return 1;
}
public static String identityToString(@Nullable Object obj) {
return "";
}
public static String getIdentityHexString(Object obj) {
return "";
}
public static String getDisplayString(@Nullable Object obj) {
return "";
}
public static String nullSafeClassName(@Nullable Object obj) {
return "";
}
public static String nullSafeToString(@Nullable Object obj) {
return "";
}
public static String nullSafeToString(@Nullable Object[] array) {
return "";
}
public static String nullSafeToString(@Nullable boolean[] array) {
return "";
}
public static String nullSafeToString(@Nullable byte[] array) {
return "";
}
public static String nullSafeToString(@Nullable char[] array) {
return "";
}
public static String nullSafeToString(@Nullable double[] array) {
return "";
}
public static String nullSafeToString(@Nullable float[] array) {
return "";
}
public static String nullSafeToString(@Nullable int[] array) {
return "";
}
public static String nullSafeToString(@Nullable long[] array) {
return "";
}
public static String nullSafeToString(@Nullable short[] array) {
return "";
}
}
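Review bot: Six of the seven imports at L1000–L1005 (`Array`, `Arrays`, `Collection`, `Map`, `Optional`, `StringJoiner`) and every private constant at L1008–L1016 are unused, since each method body just returns a literal; the `StringUtils` stub at L1159–L1184 has the same shape, importing nineteen types for a single `isEmpty`. Unused imports are harmless to the extractor, but they make the stubs read like copies of the real sources and invite someone to rely on behaviour that is not there (`containsElement` always returns `true`, `nullSafeEquals` always `false`). Trimming both files to `import org.springframework.lang.Nullable;` and dropping the constants would make the stub nature obvious; failing that, a header comment such as `// Minimal stub for CodeQL extraction: method bodies are placeholders, not real implementations.` would do.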


@@ -0,0 +1,30 @@
package org.springframework.util;
import java.io.ByteArrayOutputStream;
import java.nio.charset.Charset;
import java.util.ArrayDeque;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Deque;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Locale;
import java.util.Properties;
import java.util.Set;
import java.util.StringJoiner;
import java.util.StringTokenizer;
import java.util.TimeZone;
import org.springframework.lang.Nullable;
public abstract class StringUtils {
@Deprecated
public static boolean isEmpty(@Nullable Object str) {
return true;
}
}


@@ -1,11 +1,32 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.*;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
@Target(value={ElementType.METHOD,ElementType.TYPE})
@Retention(value=RetentionPolicy.RUNTIME)
@Documented
@Mapping
public @interface RequestMapping {
String name() default "";
@AliasFor("path")
String[] value() default {};
@AliasFor("value")
String[] path() default {};
RequestMethod[] method() default {};
String[] params() default {};
String[] headers() default {};
String[] consumes() default {};
String[] produces() default {};
}
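Review bot: The rewritten `RequestMapping` now depends on `org.springframework.core.annotation.AliasFor` (L1196), on `@Mapping` (L1200) and on `RequestMethod` (L1207), none of which is added in the visible part of this commit, while the old `RequestMethod` stub at L846–L859 is deleted; the same `AliasFor` dependency appears in `RequestParam` at L1224. If the `springframework-5.2.3` stub directory does not already contain these three types, the extractor will fail to compile every test that uses these annotations, which would silently empty the affected query results. Worth confirming they exist there before merging; if not, the minimal stubs are a few lines each, e.g. `public enum RequestMethod { GET, HEAD, POST, PUT, PATCH, DELETE, OPTIONS, TRACE }` reusing the constants from the deleted file.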


@@ -1,8 +1,23 @@
package org.springframework.web.bind.annotation;
import java.lang.annotation.*;
import java.lang.annotation.Documented;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.springframework.core.annotation.AliasFor;
@Target(value=ElementType.PARAMETER)
@Retention(value=RetentionPolicy.RUNTIME)
@Target({ElementType.PARAMETER})
@Retention(RetentionPolicy.RUNTIME)
@Documented
public @interface RequestParam { }
public @interface RequestParam {
@AliasFor("name")
String value() default "";
@AliasFor("value")
String name() default "";
boolean required() default true;
String defaultValue() default "\n\t\t\n\t\t\n\ue000\ue001\ue002\n\t\t\t\t\n";
}