From ba5dc3cdbcd997ec440847e97dea1f72edf5e0b6 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 29 Jun 2021 15:21:01 +0100 Subject: [PATCH] Add models of the javax.json package --- .../2021-06-29-javax-json-models.md | 2 + .../code/java/dataflow/ExternalFlow.qll | 1 + .../semmle/code/java/frameworks/JavaxJson.qll | 62 ++ .../frameworks/javax-json/Test.java | 863 ++++++++++++++++++ .../frameworks/javax-json/options | 1 + .../frameworks/javax-json/test.expected | 0 .../frameworks/javax-json/test.ql | 53 ++ .../javax/json/JsonArray.java | 28 + .../javax/json/JsonArrayBuilder.java | 49 + .../javax/json/JsonNumber.java | 24 + .../javax/json/JsonObject.java | 25 + .../javax/json/JsonObjectBuilder.java | 27 + .../javax/json/JsonReader.java | 18 + .../javax/json/JsonReaderFactory.java | 17 + .../javax/json/JsonString.java | 13 + .../javax/json/JsonStructure.java | 10 + .../javax/json/JsonValue.java | 24 + .../javax/json/JsonWriter.java | 18 + .../javax/json/JsonWriterFactory.java | 17 + 19 files changed, 1252 insertions(+) create mode 100644 java/change-notes/2021-06-29-javax-json-models.md create mode 100644 java/ql/src/semmle/code/java/frameworks/JavaxJson.qll create mode 100644 java/ql/test/library-tests/frameworks/javax-json/Test.java create mode 100644 java/ql/test/library-tests/frameworks/javax-json/options create mode 100644 java/ql/test/library-tests/frameworks/javax-json/test.expected create mode 100644 java/ql/test/library-tests/frameworks/javax-json/test.ql create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java diff --git a/java/change-notes/2021-06-29-javax-json-models.md b/java/change-notes/2021-06-29-javax-json-models.md new file mode 100644 index 00000000000..76082495cf1 --- /dev/null +++ b/java/change-notes/2021-06-29-javax-json-models.md @@ -0,0 +1,2 @@ +lgtm,codescanning +* Added models of `javax.json` classes and methods. This may lead to more results where tracking tainted dataflow across JSON encoding or decoding is needed to diagnose a security or other issue. diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll index 8214c43c84b..4fc3b0fc9bf 100644 --- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll @@ -82,6 +82,7 @@ private module Frameworks { private import semmle.code.java.frameworks.apache.Lang private import semmle.code.java.frameworks.guava.Guava private import semmle.code.java.frameworks.jackson.JacksonSerializability + private import semmle.code.java.frameworks.JavaxJson private import semmle.code.java.frameworks.JaxWS private import semmle.code.java.frameworks.Optional private import semmle.code.java.frameworks.spring.SpringHttp diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll new file mode 100644 index 00000000000..11de860c3c3 --- /dev/null +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -0,0 +1,62 @@ +/** + * Provides models for the `javax.json` package. + */ + +import java +private import semmle.code.java.dataflow.ExternalFlow + +private class FlowSummaries extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", + "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint", + "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", + "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value", + "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", + "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", + "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + ] + } +} diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java new file mode 100644 index 00000000000..46362e4da0d --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -0,0 +1,863 @@ +package generatedtest; + +import java.io.InputStream; +import java.io.OutputStream; +import java.io.Reader; +import java.io.Writer; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.List; +import java.util.function.Function; +import javax.json.JsonArray; +import javax.json.JsonArrayBuilder; +import javax.json.JsonNumber; +import javax.json.JsonObject; +import javax.json.JsonObjectBuilder; +import javax.json.JsonReader; +import javax.json.JsonReaderFactory; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; +import javax.json.JsonWriter; +import javax.json.JsonWriterFactory; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object source() { return null; } + void sink(Object o) { } + + public void test() { + + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonArray in = (JsonArray)source(); + out = in.getBoolean(0, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonArray in = (JsonArray)source(); + out = in.getBoolean(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + JsonArray instance = null; + out = instance.getBoolean(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonArray in = (JsonArray)source(); + out = in.getInt(0, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonArray in = (JsonArray)source(); + out = in.getInt(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + JsonArray instance = null; + out = instance.getInt(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonArray(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + JsonNumber out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonNumber(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonObject(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint" + JsonString out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonString(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonArray in = (JsonArray)source(); + out = in.getString(0, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonArray in = (JsonArray)source(); + out = in.getString(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + JsonArray instance = null; + out = instance.getString(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + JsonArray in = (JsonArray)source(); + out = in.getValuesAs((Function)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + JsonArray in = (JsonArray)source(); + out = in.getValuesAs((Class)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + long in = (long)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0L); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0.0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonObjectBuilder)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonArrayBuilder)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (BigInteger)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (BigDecimal)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + double in = (double)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + String in = (String)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonValue in = (JsonValue)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.addNull(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.addNull(); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" + BigDecimal out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigDecimalValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigIntegerValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigIntegerValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint" + double out = 0.0; + JsonNumber in = (JsonNumber)source(); + out = in.doubleValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonNumber in = (JsonNumber)source(); + out = in.intValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonNumber in = (JsonNumber)source(); + out = in.intValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint" + long out = 0L; + JsonNumber in = (JsonNumber)source(); + out = in.longValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint" + long out = 0L; + JsonNumber in = (JsonNumber)source(); + out = in.longValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonObject in = (JsonObject)source(); + out = in.getBoolean(null, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonObject in = (JsonObject)source(); + out = in.getBoolean(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + JsonObject instance = null; + out = instance.getBoolean(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonObject in = (JsonObject)source(); + out = in.getInt(null, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonObject in = (JsonObject)source(); + out = in.getInt(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + JsonObject instance = null; + out = instance.getInt(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonArray(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + JsonNumber out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonNumber(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonObject(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint" + JsonString out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonString(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonObject in = (JsonObject)source(); + out = in.getString(null, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonObject in = (JsonObject)source(); + out = in.getString(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + JsonObject instance = null; + out = instance.getString(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + long in = (long)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + int in = (int)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + double in = (double)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + boolean in = (boolean)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + String in = (String)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonValue in = (JsonValue)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.addNull(null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" + JsonStructure out = null; + JsonReader in = (JsonReader)source(); + out = in.read(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonReader in = (JsonReader)source(); + out = in.readArray(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonReader in = (JsonReader)source(); + out = in.readObject(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + Reader in = (Reader)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + InputStream in = (InputStream)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + InputStream in = (InputStream)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint" + CharSequence out = null; + JsonString in = (JsonString)source(); + out = in.getChars(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonString in = (JsonString)source(); + out = in.getString(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonValue in = (JsonValue)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonValue in = (JsonValue)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonStructure in = (JsonStructure)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonArray in = (JsonArray)source(); + out.writeArray(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonObject in = (JsonObject)source(); + out.writeObject(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + Writer out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + + } + +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/javax-json/options b/java/ql/test/library-tests/frameworks/javax-json/options new file mode 100644 index 00000000000..7da95c7e5e3 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/javax-json-api-1.1.4 diff --git a/java/ql/test/library-tests/frameworks/javax-json/test.expected b/java/ql/test/library-tests/frameworks/javax-json/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/javax-json/test.ql b/java/ql/test/library-tests/frameworks/javax-json/test.ql new file mode 100644 index 00000000000..465161863cc --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/test.ql @@ -0,0 +1,53 @@ +import java +import semmle.code.java.dataflow.DataFlow +import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.TaintTracking +import TestUtilities.InlineExpectationsTest + +class ValueFlowConf extends DataFlow::Configuration { + ValueFlowConf() { this = "qltest:valueFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class TaintFlowConf extends TaintTracking::Configuration { + TaintFlowConf() { this = "qltest:taintFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class HasFlowTest extends InlineExpectationsTest { + HasFlowTest() { this = "HasFlowTest" } + + override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasValueFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + or + tag = "hasTaintFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | + conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink) + | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java new file mode 100644 index 00000000000..c4d484d8bb2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java @@ -0,0 +1,28 @@ +// Generated automatically from javax.json.JsonArray for testing purposes + +package javax.json; + +import java.util.List; +import java.util.function.Function; +import javax.json.JsonNumber; +import javax.json.JsonObject; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonArray extends JsonStructure, List +{ + List getValuesAs(Class p0); + JsonArray getJsonArray(int p0); + JsonNumber getJsonNumber(int p0); + JsonObject getJsonObject(int p0); + JsonString getJsonString(int p0); + String getString(int p0); + String getString(int p0, String p1); + boolean getBoolean(int p0); + boolean getBoolean(int p0, boolean p1); + boolean isNull(int p0); + default List getValuesAs(Function p0){ return null; } + int getInt(int p0); + int getInt(int p0, int p1); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java new file mode 100644 index 00000000000..dea224cb508 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java @@ -0,0 +1,49 @@ +// Generated automatically from javax.json.JsonArrayBuilder for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonArray; +import javax.json.JsonObjectBuilder; +import javax.json.JsonValue; + +public interface JsonArrayBuilder +{ + JsonArray build(); + JsonArrayBuilder add(BigDecimal p0); + JsonArrayBuilder add(BigInteger p0); + JsonArrayBuilder add(JsonArrayBuilder p0); + JsonArrayBuilder add(JsonObjectBuilder p0); + JsonArrayBuilder add(JsonValue p0); + JsonArrayBuilder add(String p0); + JsonArrayBuilder add(boolean p0); + JsonArrayBuilder add(double p0); + JsonArrayBuilder add(int p0); + JsonArrayBuilder add(long p0); + JsonArrayBuilder addNull(); + default JsonArrayBuilder add(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder add(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder add(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder add(int p0, String p1){ return null; } + default JsonArrayBuilder add(int p0, boolean p1){ return null; } + default JsonArrayBuilder add(int p0, double p1){ return null; } + default JsonArrayBuilder add(int p0, int p1){ return null; } + default JsonArrayBuilder add(int p0, long p1){ return null; } + default JsonArrayBuilder addAll(JsonArrayBuilder p0){ return null; } + default JsonArrayBuilder addNull(int p0){ return null; } + default JsonArrayBuilder remove(int p0){ return null; } + default JsonArrayBuilder set(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder set(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder set(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder set(int p0, String p1){ return null; } + default JsonArrayBuilder set(int p0, boolean p1){ return null; } + default JsonArrayBuilder set(int p0, double p1){ return null; } + default JsonArrayBuilder set(int p0, int p1){ return null; } + default JsonArrayBuilder set(int p0, long p1){ return null; } + default JsonArrayBuilder setNull(int p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java new file mode 100644 index 00000000000..b0cbf3b29c3 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java @@ -0,0 +1,24 @@ +// Generated automatically from javax.json.JsonNumber for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonValue; + +public interface JsonNumber extends JsonValue +{ + BigDecimal bigDecimalValue(); + BigInteger bigIntegerValue(); + BigInteger bigIntegerValueExact(); + String toString(); + boolean equals(Object p0); + boolean isIntegral(); + default Number numberValue(){ return null; } + double doubleValue(); + int hashCode(); + int intValue(); + int intValueExact(); + long longValue(); + long longValueExact(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java new file mode 100644 index 00000000000..d1bb0a7915e --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java @@ -0,0 +1,25 @@ +// Generated automatically from javax.json.JsonObject for testing purposes + +package javax.json; + +import java.util.Map; +import javax.json.JsonArray; +import javax.json.JsonNumber; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonObject extends JsonStructure, Map +{ + JsonArray getJsonArray(String p0); + JsonNumber getJsonNumber(String p0); + JsonObject getJsonObject(String p0); + JsonString getJsonString(String p0); + String getString(String p0); + String getString(String p0, String p1); + boolean getBoolean(String p0); + boolean getBoolean(String p0, boolean p1); + boolean isNull(String p0); + int getInt(String p0); + int getInt(String p0, int p1); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java new file mode 100644 index 00000000000..9e6db63cbc2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java @@ -0,0 +1,27 @@ +// Generated automatically from javax.json.JsonObjectBuilder for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonArrayBuilder; +import javax.json.JsonObject; +import javax.json.JsonValue; + +public interface JsonObjectBuilder +{ + JsonObject build(); + JsonObjectBuilder add(String p0, BigDecimal p1); + JsonObjectBuilder add(String p0, BigInteger p1); + JsonObjectBuilder add(String p0, JsonArrayBuilder p1); + JsonObjectBuilder add(String p0, JsonObjectBuilder p1); + JsonObjectBuilder add(String p0, JsonValue p1); + JsonObjectBuilder add(String p0, String p1); + JsonObjectBuilder add(String p0, boolean p1); + JsonObjectBuilder add(String p0, double p1); + JsonObjectBuilder add(String p0, int p1); + JsonObjectBuilder add(String p0, long p1); + JsonObjectBuilder addNull(String p0); + default JsonObjectBuilder addAll(JsonObjectBuilder p0){ return null; } + default JsonObjectBuilder remove(String p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java new file mode 100644 index 00000000000..7bb2d011adb --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java @@ -0,0 +1,18 @@ +// Generated automatically from javax.json.JsonReader for testing purposes + +package javax.json; + +import java.io.Closeable; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonReader extends Closeable +{ + JsonArray readArray(); + JsonObject readObject(); + JsonStructure read(); + default JsonValue readValue(){ return null; } + void close(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java new file mode 100644 index 00000000000..f87458e05f2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.json.JsonReaderFactory for testing purposes + +package javax.json; + +import java.io.InputStream; +import java.io.Reader; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.JsonReader; + +public interface JsonReaderFactory +{ + JsonReader createReader(InputStream p0); + JsonReader createReader(InputStream p0, Charset p1); + JsonReader createReader(Reader p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java new file mode 100644 index 00000000000..32f5a09a4de --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java @@ -0,0 +1,13 @@ +// Generated automatically from javax.json.JsonString for testing purposes + +package javax.json; + +import javax.json.JsonValue; + +public interface JsonString extends JsonValue +{ + CharSequence getChars(); + String getString(); + boolean equals(Object p0); + int hashCode(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java new file mode 100644 index 00000000000..3a78f98abe1 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java @@ -0,0 +1,10 @@ +// Generated automatically from javax.json.JsonStructure for testing purposes + +package javax.json; + +import javax.json.JsonValue; + +public interface JsonStructure extends JsonValue +{ + default JsonValue getValue(String p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java new file mode 100644 index 00000000000..c21667f02d5 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java @@ -0,0 +1,24 @@ +// Generated automatically from javax.json.JsonValue for testing purposes + +package javax.json; + +import javax.json.JsonArray; +import javax.json.JsonObject; + +public interface JsonValue +{ + JsonValue.ValueType getValueType(); + String toString(); + default JsonArray asJsonArray(){ return null; } + default JsonObject asJsonObject(){ return null; } + static JsonArray EMPTY_JSON_ARRAY = null; + static JsonObject EMPTY_JSON_OBJECT = null; + static JsonValue FALSE = null; + static JsonValue NULL = null; + static JsonValue TRUE = null; + static public enum ValueType + { + ARRAY, FALSE, NULL, NUMBER, OBJECT, STRING, TRUE; + private ValueType() {} + } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java new file mode 100644 index 00000000000..412b902ef14 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java @@ -0,0 +1,18 @@ +// Generated automatically from javax.json.JsonWriter for testing purposes + +package javax.json; + +import java.io.Closeable; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonWriter extends Closeable +{ + default void write(JsonValue p0){} + void close(); + void write(JsonStructure p0); + void writeArray(JsonArray p0); + void writeObject(JsonObject p0); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java new file mode 100644 index 00000000000..6bbed30fb35 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.json.JsonWriterFactory for testing purposes + +package javax.json; + +import java.io.OutputStream; +import java.io.Writer; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.JsonWriter; + +public interface JsonWriterFactory +{ + JsonWriter createWriter(OutputStream p0); + JsonWriter createWriter(OutputStream p0, Charset p1); + JsonWriter createWriter(Writer p0); + Map getConfigInUse(); +}