From ba5dc3cdbcd997ec440847e97dea1f72edf5e0b6 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 29 Jun 2021 15:21:01 +0100 Subject: [PATCH 1/7] Add models of the javax.json package --- .../2021-06-29-javax-json-models.md | 2 + .../code/java/dataflow/ExternalFlow.qll | 1 + .../semmle/code/java/frameworks/JavaxJson.qll | 62 ++ .../frameworks/javax-json/Test.java | 863 ++++++++++++++++++ .../frameworks/javax-json/options | 1 + .../frameworks/javax-json/test.expected | 0 .../frameworks/javax-json/test.ql | 53 ++ .../javax/json/JsonArray.java | 28 + .../javax/json/JsonArrayBuilder.java | 49 + .../javax/json/JsonNumber.java | 24 + .../javax/json/JsonObject.java | 25 + .../javax/json/JsonObjectBuilder.java | 27 + .../javax/json/JsonReader.java | 18 + .../javax/json/JsonReaderFactory.java | 17 + .../javax/json/JsonString.java | 13 + .../javax/json/JsonStructure.java | 10 + .../javax/json/JsonValue.java | 24 + .../javax/json/JsonWriter.java | 18 + .../javax/json/JsonWriterFactory.java | 17 + 19 files changed, 1252 insertions(+) create mode 100644 java/change-notes/2021-06-29-javax-json-models.md create mode 100644 java/ql/src/semmle/code/java/frameworks/JavaxJson.qll create mode 100644 java/ql/test/library-tests/frameworks/javax-json/Test.java create mode 100644 java/ql/test/library-tests/frameworks/javax-json/options create mode 100644 java/ql/test/library-tests/frameworks/javax-json/test.expected create mode 100644 java/ql/test/library-tests/frameworks/javax-json/test.ql create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java diff --git a/java/change-notes/2021-06-29-javax-json-models.md b/java/change-notes/2021-06-29-javax-json-models.md new file mode 100644 index 00000000000..76082495cf1 --- /dev/null +++ b/java/change-notes/2021-06-29-javax-json-models.md @@ -0,0 +1,2 @@ +lgtm,codescanning +* Added models of `javax.json` classes and methods. This may lead to more results where tracking tainted dataflow across JSON encoding or decoding is needed to diagnose a security or other issue. diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll index 8214c43c84b..4fc3b0fc9bf 100644 --- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll +++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll @@ -82,6 +82,7 @@ private module Frameworks { private import semmle.code.java.frameworks.apache.Lang private import semmle.code.java.frameworks.guava.Guava private import semmle.code.java.frameworks.jackson.JacksonSerializability + private import semmle.code.java.frameworks.JavaxJson private import semmle.code.java.frameworks.JaxWS private import semmle.code.java.frameworks.Optional private import semmle.code.java.frameworks.spring.SpringHttp diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll new file mode 100644 index 00000000000..11de860c3c3 --- /dev/null +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -0,0 +1,62 @@ +/** + * Provides models for the `javax.json` package. + */ + +import java +private import semmle.code.java.dataflow.ExternalFlow + +private class FlowSummaries extends SummaryModelCsv { + override predicate row(string row) { + row = + [ + "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value", + "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", + "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint", + "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", + "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value", + "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", + "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", + "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint", + "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", + "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + ] + } +} diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java new file mode 100644 index 00000000000..46362e4da0d --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -0,0 +1,863 @@ +package generatedtest; + +import java.io.InputStream; +import java.io.OutputStream; +import java.io.Reader; +import java.io.Writer; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.List; +import java.util.function.Function; +import javax.json.JsonArray; +import javax.json.JsonArrayBuilder; +import javax.json.JsonNumber; +import javax.json.JsonObject; +import javax.json.JsonObjectBuilder; +import javax.json.JsonReader; +import javax.json.JsonReaderFactory; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; +import javax.json.JsonWriter; +import javax.json.JsonWriterFactory; + +// Test case generated by GenerateFlowTestCase.ql +public class Test { + + Object source() { return null; } + void sink(Object o) { } + + public void test() { + + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonArray in = (JsonArray)source(); + out = in.getBoolean(0, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonArray in = (JsonArray)source(); + out = in.getBoolean(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + JsonArray instance = null; + out = instance.getBoolean(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonArray in = (JsonArray)source(); + out = in.getInt(0, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonArray in = (JsonArray)source(); + out = in.getInt(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + JsonArray instance = null; + out = instance.getInt(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonArray(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + JsonNumber out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonNumber(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonObject(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint" + JsonString out = null; + JsonArray in = (JsonArray)source(); + out = in.getJsonString(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonArray in = (JsonArray)source(); + out = in.getString(0, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonArray in = (JsonArray)source(); + out = in.getString(0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + JsonArray instance = null; + out = instance.getString(0, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + JsonArray in = (JsonArray)source(); + out = in.getValuesAs((Function)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + JsonArray in = (JsonArray)source(); + out = in.getValuesAs((Class)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.add((BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + long in = (long)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0L); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0.0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonObjectBuilder)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (JsonArrayBuilder)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (BigInteger)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in, (BigDecimal)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + double in = (double)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + String in = (String)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonValue in = (JsonValue)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" + JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.addNull(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonArrayBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.addNull(); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" + BigDecimal out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigDecimalValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigIntegerValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + JsonNumber in = (JsonNumber)source(); + out = in.bigIntegerValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint" + double out = 0.0; + JsonNumber in = (JsonNumber)source(); + out = in.doubleValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonNumber in = (JsonNumber)source(); + out = in.intValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonNumber in = (JsonNumber)source(); + out = in.intValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint" + long out = 0L; + JsonNumber in = (JsonNumber)source(); + out = in.longValue(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint" + long out = 0L; + JsonNumber in = (JsonNumber)source(); + out = in.longValueExact(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonObject in = (JsonObject)source(); + out = in.getBoolean(null, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + JsonObject in = (JsonObject)source(); + out = in.getBoolean(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + JsonObject instance = null; + out = instance.getBoolean(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonObject in = (JsonObject)source(); + out = in.getInt(null, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + JsonObject in = (JsonObject)source(); + out = in.getInt(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + JsonObject instance = null; + out = instance.getInt(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonArray(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + JsonNumber out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonNumber(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonObject(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint" + JsonString out = null; + JsonObject in = (JsonObject)source(); + out = in.getJsonString(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonObject in = (JsonObject)source(); + out = in.getString(null, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonObject in = (JsonObject)source(); + out = in.getString(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + JsonObject instance = null; + out = instance.getString(null, in); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.add((String)null, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + long in = (long)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + int in = (int)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + double in = (double)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + boolean in = (boolean)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + String in = (String)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonValue in = (JsonValue)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + JsonArrayBuilder in = (JsonArrayBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + JsonObjectBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + JsonObjectBuilder out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.addNull(null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonObjectBuilder in = (JsonObjectBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" + JsonStructure out = null; + JsonReader in = (JsonReader)source(); + out = in.read(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint" + JsonArray out = null; + JsonReader in = (JsonReader)source(); + out = in.readArray(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint" + JsonObject out = null; + JsonReader in = (JsonReader)source(); + out = in.readObject(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + Reader in = (Reader)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + InputStream in = (InputStream)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + JsonReader out = null; + InputStream in = (InputStream)source(); + JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint" + CharSequence out = null; + JsonString in = (JsonString)source(); + out = in.getChars(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonString in = (JsonString)source(); + out = in.getString(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + JsonValue in = (JsonValue)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonValue in = (JsonValue)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonStructure in = (JsonStructure)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonArray in = (JsonArray)source(); + out.writeArray(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint" + JsonWriter out = null; + JsonObject in = (JsonObject)source(); + out.writeObject(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + Writer out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + JsonWriterFactory in = (JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + + } + +} \ No newline at end of file diff --git a/java/ql/test/library-tests/frameworks/javax-json/options b/java/ql/test/library-tests/frameworks/javax-json/options new file mode 100644 index 00000000000..7da95c7e5e3 --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/options @@ -0,0 +1 @@ +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/javax-json-api-1.1.4 diff --git a/java/ql/test/library-tests/frameworks/javax-json/test.expected b/java/ql/test/library-tests/frameworks/javax-json/test.expected new file mode 100644 index 00000000000..e69de29bb2d diff --git a/java/ql/test/library-tests/frameworks/javax-json/test.ql b/java/ql/test/library-tests/frameworks/javax-json/test.ql new file mode 100644 index 00000000000..465161863cc --- /dev/null +++ b/java/ql/test/library-tests/frameworks/javax-json/test.ql @@ -0,0 +1,53 @@ +import java +import semmle.code.java.dataflow.DataFlow +import semmle.code.java.dataflow.ExternalFlow +import semmle.code.java.dataflow.TaintTracking +import TestUtilities.InlineExpectationsTest + +class ValueFlowConf extends DataFlow::Configuration { + ValueFlowConf() { this = "qltest:valueFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class TaintFlowConf extends TaintTracking::Configuration { + TaintFlowConf() { this = "qltest:taintFlowConf" } + + override predicate isSource(DataFlow::Node n) { + n.asExpr().(MethodAccess).getMethod().hasName("source") + } + + override predicate isSink(DataFlow::Node n) { + n.asExpr().(Argument).getCall().getCallee().hasName("sink") + } +} + +class HasFlowTest extends InlineExpectationsTest { + HasFlowTest() { this = "HasFlowTest" } + + override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] } + + override predicate hasActualResult(Location location, string element, string tag, string value) { + tag = "hasValueFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + or + tag = "hasTaintFlow" and + exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf | + conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink) + | + sink.getLocation() = location and + element = sink.toString() and + value = "" + ) + } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java new file mode 100644 index 00000000000..c4d484d8bb2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArray.java @@ -0,0 +1,28 @@ +// Generated automatically from javax.json.JsonArray for testing purposes + +package javax.json; + +import java.util.List; +import java.util.function.Function; +import javax.json.JsonNumber; +import javax.json.JsonObject; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonArray extends JsonStructure, List +{ + List getValuesAs(Class p0); + JsonArray getJsonArray(int p0); + JsonNumber getJsonNumber(int p0); + JsonObject getJsonObject(int p0); + JsonString getJsonString(int p0); + String getString(int p0); + String getString(int p0, String p1); + boolean getBoolean(int p0); + boolean getBoolean(int p0, boolean p1); + boolean isNull(int p0); + default List getValuesAs(Function p0){ return null; } + int getInt(int p0); + int getInt(int p0, int p1); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java new file mode 100644 index 00000000000..dea224cb508 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonArrayBuilder.java @@ -0,0 +1,49 @@ +// Generated automatically from javax.json.JsonArrayBuilder for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonArray; +import javax.json.JsonObjectBuilder; +import javax.json.JsonValue; + +public interface JsonArrayBuilder +{ + JsonArray build(); + JsonArrayBuilder add(BigDecimal p0); + JsonArrayBuilder add(BigInteger p0); + JsonArrayBuilder add(JsonArrayBuilder p0); + JsonArrayBuilder add(JsonObjectBuilder p0); + JsonArrayBuilder add(JsonValue p0); + JsonArrayBuilder add(String p0); + JsonArrayBuilder add(boolean p0); + JsonArrayBuilder add(double p0); + JsonArrayBuilder add(int p0); + JsonArrayBuilder add(long p0); + JsonArrayBuilder addNull(); + default JsonArrayBuilder add(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder add(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder add(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder add(int p0, String p1){ return null; } + default JsonArrayBuilder add(int p0, boolean p1){ return null; } + default JsonArrayBuilder add(int p0, double p1){ return null; } + default JsonArrayBuilder add(int p0, int p1){ return null; } + default JsonArrayBuilder add(int p0, long p1){ return null; } + default JsonArrayBuilder addAll(JsonArrayBuilder p0){ return null; } + default JsonArrayBuilder addNull(int p0){ return null; } + default JsonArrayBuilder remove(int p0){ return null; } + default JsonArrayBuilder set(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder set(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder set(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder set(int p0, String p1){ return null; } + default JsonArrayBuilder set(int p0, boolean p1){ return null; } + default JsonArrayBuilder set(int p0, double p1){ return null; } + default JsonArrayBuilder set(int p0, int p1){ return null; } + default JsonArrayBuilder set(int p0, long p1){ return null; } + default JsonArrayBuilder setNull(int p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java new file mode 100644 index 00000000000..b0cbf3b29c3 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonNumber.java @@ -0,0 +1,24 @@ +// Generated automatically from javax.json.JsonNumber for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonValue; + +public interface JsonNumber extends JsonValue +{ + BigDecimal bigDecimalValue(); + BigInteger bigIntegerValue(); + BigInteger bigIntegerValueExact(); + String toString(); + boolean equals(Object p0); + boolean isIntegral(); + default Number numberValue(){ return null; } + double doubleValue(); + int hashCode(); + int intValue(); + int intValueExact(); + long longValue(); + long longValueExact(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java new file mode 100644 index 00000000000..d1bb0a7915e --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObject.java @@ -0,0 +1,25 @@ +// Generated automatically from javax.json.JsonObject for testing purposes + +package javax.json; + +import java.util.Map; +import javax.json.JsonArray; +import javax.json.JsonNumber; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonObject extends JsonStructure, Map +{ + JsonArray getJsonArray(String p0); + JsonNumber getJsonNumber(String p0); + JsonObject getJsonObject(String p0); + JsonString getJsonString(String p0); + String getString(String p0); + String getString(String p0, String p1); + boolean getBoolean(String p0); + boolean getBoolean(String p0, boolean p1); + boolean isNull(String p0); + int getInt(String p0); + int getInt(String p0, int p1); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java new file mode 100644 index 00000000000..9e6db63cbc2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonObjectBuilder.java @@ -0,0 +1,27 @@ +// Generated automatically from javax.json.JsonObjectBuilder for testing purposes + +package javax.json; + +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonArrayBuilder; +import javax.json.JsonObject; +import javax.json.JsonValue; + +public interface JsonObjectBuilder +{ + JsonObject build(); + JsonObjectBuilder add(String p0, BigDecimal p1); + JsonObjectBuilder add(String p0, BigInteger p1); + JsonObjectBuilder add(String p0, JsonArrayBuilder p1); + JsonObjectBuilder add(String p0, JsonObjectBuilder p1); + JsonObjectBuilder add(String p0, JsonValue p1); + JsonObjectBuilder add(String p0, String p1); + JsonObjectBuilder add(String p0, boolean p1); + JsonObjectBuilder add(String p0, double p1); + JsonObjectBuilder add(String p0, int p1); + JsonObjectBuilder add(String p0, long p1); + JsonObjectBuilder addNull(String p0); + default JsonObjectBuilder addAll(JsonObjectBuilder p0){ return null; } + default JsonObjectBuilder remove(String p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java new file mode 100644 index 00000000000..7bb2d011adb --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReader.java @@ -0,0 +1,18 @@ +// Generated automatically from javax.json.JsonReader for testing purposes + +package javax.json; + +import java.io.Closeable; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonReader extends Closeable +{ + JsonArray readArray(); + JsonObject readObject(); + JsonStructure read(); + default JsonValue readValue(){ return null; } + void close(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java new file mode 100644 index 00000000000..f87458e05f2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonReaderFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.json.JsonReaderFactory for testing purposes + +package javax.json; + +import java.io.InputStream; +import java.io.Reader; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.JsonReader; + +public interface JsonReaderFactory +{ + JsonReader createReader(InputStream p0); + JsonReader createReader(InputStream p0, Charset p1); + JsonReader createReader(Reader p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java new file mode 100644 index 00000000000..32f5a09a4de --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonString.java @@ -0,0 +1,13 @@ +// Generated automatically from javax.json.JsonString for testing purposes + +package javax.json; + +import javax.json.JsonValue; + +public interface JsonString extends JsonValue +{ + CharSequence getChars(); + String getString(); + boolean equals(Object p0); + int hashCode(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java new file mode 100644 index 00000000000..3a78f98abe1 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonStructure.java @@ -0,0 +1,10 @@ +// Generated automatically from javax.json.JsonStructure for testing purposes + +package javax.json; + +import javax.json.JsonValue; + +public interface JsonStructure extends JsonValue +{ + default JsonValue getValue(String p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java new file mode 100644 index 00000000000..c21667f02d5 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonValue.java @@ -0,0 +1,24 @@ +// Generated automatically from javax.json.JsonValue for testing purposes + +package javax.json; + +import javax.json.JsonArray; +import javax.json.JsonObject; + +public interface JsonValue +{ + JsonValue.ValueType getValueType(); + String toString(); + default JsonArray asJsonArray(){ return null; } + default JsonObject asJsonObject(){ return null; } + static JsonArray EMPTY_JSON_ARRAY = null; + static JsonObject EMPTY_JSON_OBJECT = null; + static JsonValue FALSE = null; + static JsonValue NULL = null; + static JsonValue TRUE = null; + static public enum ValueType + { + ARRAY, FALSE, NULL, NUMBER, OBJECT, STRING, TRUE; + private ValueType() {} + } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java new file mode 100644 index 00000000000..412b902ef14 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriter.java @@ -0,0 +1,18 @@ +// Generated automatically from javax.json.JsonWriter for testing purposes + +package javax.json; + +import java.io.Closeable; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonWriter extends Closeable +{ + default void write(JsonValue p0){} + void close(); + void write(JsonStructure p0); + void writeArray(JsonArray p0); + void writeObject(JsonObject p0); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java new file mode 100644 index 00000000000..6bbed30fb35 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonWriterFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.json.JsonWriterFactory for testing purposes + +package javax.json; + +import java.io.OutputStream; +import java.io.Writer; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.JsonWriter; + +public interface JsonWriterFactory +{ + JsonWriter createWriter(OutputStream p0); + JsonWriter createWriter(OutputStream p0, Charset p1); + JsonWriter createWriter(Writer p0); + Map getConfigInUse(); +} From 753c878f48440373323d68e68fccfce535682081 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Wed, 30 Jun 2021 15:04:15 +0100 Subject: [PATCH 2/7] Also cover jakarta version of javax.json, and some missed methods --- .../semmle/code/java/frameworks/JavaxJson.qll | 148 +- .../frameworks/javax-json/Test.java | 2387 ++++++++++++++--- .../frameworks/javax-json/options | 2 +- .../frameworks/javax-json/test.ql | 1 - .../jakarta-json-2.0.1/jakarta/json/Json.java | 72 + .../jakarta/json/JsonArray.java | 28 + .../jakarta/json/JsonArrayBuilder.java | 49 + .../jakarta/json/JsonBuilderFactory.java | 21 + .../jakarta/json/JsonMergePatch.java | 11 + .../jakarta/json/JsonNumber.java | 24 + .../jakarta/json/JsonObject.java | 25 + .../jakarta/json/JsonObjectBuilder.java | 27 + .../jakarta/json/JsonPatch.java | 12 + .../jakarta/json/JsonPatchBuilder.java | 26 + .../jakarta/json/JsonPointer.java | 16 + .../jakarta/json/JsonReader.java | 18 + .../jakarta/json/JsonReaderFactory.java | 17 + .../jakarta/json/JsonString.java | 13 + .../jakarta/json/JsonStructure.java | 10 + .../jakarta/json/JsonValue.java | 24 + .../jakarta/json/JsonWriter.java | 18 + .../jakarta/json/JsonWriterFactory.java | 17 + .../jakarta/json/stream/JsonGenerator.java | 40 + .../json/stream/JsonGeneratorFactory.java | 17 + .../jakarta/json/stream/JsonLocation.java | 11 + .../jakarta/json/stream/JsonParser.java | 38 + .../json/stream/JsonParserFactory.java | 21 + .../javax-json-api-1.1.4/javax/json/Json.java | 72 + .../javax/json/JsonBuilderFactory.java | 21 + .../javax/json/JsonMergePatch.java | 11 + .../javax/json/JsonPatch.java | 12 + .../javax/json/JsonPatchBuilder.java | 26 + .../javax/json/JsonPointer.java | 15 + .../javax/json/stream/JsonGenerator.java | 40 + .../json/stream/JsonGeneratorFactory.java | 17 + .../javax/json/stream/JsonLocation.java | 11 + .../javax/json/stream/JsonParser.java | 38 + .../javax/json/stream/JsonParserFactory.java | 21 + 38 files changed, 2894 insertions(+), 483 deletions(-) create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/Json.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArray.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArrayBuilder.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonBuilderFactory.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonMergePatch.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonNumber.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObject.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObjectBuilder.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatch.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatchBuilder.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPointer.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReader.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReaderFactory.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonString.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonStructure.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonValue.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriter.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriterFactory.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGenerator.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGeneratorFactory.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonLocation.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParser.java create mode 100644 java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParserFactory.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/Json.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonBuilderFactory.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonMergePatch.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatch.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatchBuilder.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPointer.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGenerator.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGeneratorFactory.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonLocation.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParser.java create mode 100644 java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParserFactory.java diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index 11de860c3c3..622ac550e37 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -8,55 +8,103 @@ private import semmle.code.java.dataflow.ExternalFlow private class FlowSummaries extends SummaryModelCsv { override predicate row(string row) { row = - [ - "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", - "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value", - "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value", - "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", - "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint", - "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", - "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", - "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value", - "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value", - "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", - "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", - "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", - "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", - "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint", - "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint", - "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", - "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", - "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" - ] + ["javax", "jakarta"] + ".json;" + + [ + "Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint", + "Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint", + "Json;false;createDiff;;;Argument[0..1];ReturnValue;taint", + "Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint", + "Json;false;createMergePatch;;;Argument[0];ReturnValue;taint", + "Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint", + "Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint", + "Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint", + "Json;false;createPatch;;;Argument[0];ReturnValue;taint", + "Json;false;createReader;;;Argument[0];ReturnValue;taint", + "Json;false;createWriter;;;Argument[0];ReturnValue;taint", + "JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", + "JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getInt;;;Argument[1];ReturnValue;value", + "JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", + "JsonArray;false;getString;;;Argument[1];ReturnValue;value", + "JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", + "JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", + "JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint", + "JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value", + "JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value", + "JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint", + "JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value", + "JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value", + "JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", + "JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", + "JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getInt;;;Argument[1];ReturnValue;value", + "JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", + "JsonObject;false;getString;;;Argument[1];ReturnValue;value", + "JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", + "JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", + "JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value", + "JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value", + "JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + "JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint", + "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint", + "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint", + "JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint", + "JsonReader;false;read;;;Argument[-1];ReturnValue;taint", + "JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", + "JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", + "JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint", + "JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", + "JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", + "JsonString;false;getString;;;Argument[-1];ReturnValue;taint", + "JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint", + "JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint", + "JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint", + "JsonValue;true;toString;;;Argument[-1];ReturnValue;taint", + "JsonWriter;false;write;;;Argument[0];Argument[-1];taint", + "JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", + "JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", + "JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + ] } } diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java index 46362e4da0d..6a9a140e37f 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/Test.java +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -6,40 +6,1318 @@ import java.io.Reader; import java.io.Writer; import java.math.BigDecimal; import java.math.BigInteger; +import java.util.Collection; import java.util.List; +import java.util.Map; import java.util.function.Function; -import javax.json.JsonArray; -import javax.json.JsonArrayBuilder; -import javax.json.JsonNumber; -import javax.json.JsonObject; -import javax.json.JsonObjectBuilder; -import javax.json.JsonReader; -import javax.json.JsonReaderFactory; -import javax.json.JsonString; -import javax.json.JsonStructure; -import javax.json.JsonValue; -import javax.json.JsonWriter; -import javax.json.JsonWriterFactory; // Test case generated by GenerateFlowTestCase.ql public class Test { + Collection newWithElement(Object element) { return List.of(element); } + Map newWithMapKey(Object element) { return Map.of(element, null); } + Map newWithMapValue(Object element) { return Map.of(null, element); } Object source() { return null; } void sink(Object o) { } public void test() { + { + // "jakarta.json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint" + jakarta.json.JsonArrayBuilder out = null; + Collection in = newWithElement(source()); + out = jakarta.json.Json.createArrayBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = jakarta.json.Json.createArrayBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatch out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + out = jakarta.json.Json.createDiff(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatch out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + out = jakarta.json.Json.createDiff(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonMergePatch out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = jakarta.json.Json.createMergeDiff(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonMergePatch out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = jakarta.json.Json.createMergeDiff(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonMergePatch out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = jakarta.json.Json.createMergePatch(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = jakarta.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint" + jakarta.json.JsonObjectBuilder out = null; + Map in = newWithMapKey(source()); + out = jakarta.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint" + jakarta.json.JsonObjectBuilder out = null; + Map in = newWithMapValue(source()); + out = jakarta.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createPatch;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonPatch out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = jakarta.json.Json.createPatch(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonReader out = null; + Reader in = (Reader)source(); + out = jakarta.json.Json.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonReader out = null; + InputStream in = (InputStream)source(); + out = jakarta.json.Json.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonWriter out = null; + Writer in = (Writer)source(); + out = jakarta.json.Json.createWriter(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonWriter out = null; + OutputStream in = (OutputStream)source(); + out = jakarta.json.Json.createWriter(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getBoolean(0, false); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getBoolean(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + jakarta.json.JsonArray instance = null; + out = instance.getBoolean(0, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getInt(0, 0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getInt(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + jakarta.json.JsonArray instance = null; + out = instance.getInt(0, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getJsonArray(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getJsonNumber(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonObject out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getJsonObject(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonString out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getJsonString(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getString(0, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getString(0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + jakarta.json.JsonArray instance = null; + out = instance.getString(0, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getValuesAs((Function)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" + List out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = in.getValuesAs((Class)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0L); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0.0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, 0L); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (jakarta.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (jakarta.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add(0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((jakarta.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((jakarta.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.add((BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.addAll(null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out.addAll(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.addNull(0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.addNull(); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.remove(0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, 0L); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (jakarta.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (jakarta.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.set(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonArrayBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out = in.setNull(0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" + BigDecimal out = null; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.bigDecimalValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.bigIntegerValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint" + BigInteger out = null; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.bigIntegerValueExact(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint" + double out = 0.0; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.doubleValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.intValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.intValueExact(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint" + long out = 0L; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.longValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint" + long out = 0L; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.longValueExact(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint" + Number out = null; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.numberValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getBoolean(null, false); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" + boolean out = false; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getBoolean(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value" + boolean out = false; + boolean in = (boolean)source(); + jakarta.json.JsonObject instance = null; + out = instance.getBoolean(null, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getInt(null, 0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" + int out = 0; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getInt(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value" + int out = 0; + int in = (int)source(); + jakarta.json.JsonObject instance = null; + out = instance.getInt(null, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getJsonArray(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getJsonNumber(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonObject out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getJsonObject(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonString out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getJsonString(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getString(null, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out = in.getString(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value" + String out = null; + String in = (String)source(); + jakarta.json.JsonObject instance = null; + out = instance.getString(null, in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, 0L); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, 0.0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (jakarta.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (jakarta.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.add((String)null, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + long in = (long)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonArrayBuilder in = (jakarta.json.JsonArrayBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + int in = (int)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + double in = (double)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + boolean in = (boolean)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + String in = (String)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + jakarta.json.JsonObjectBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.addAll(null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + jakarta.json.JsonObjectBuilder instance = null; + out = instance.addAll(in); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.addNull(null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonObject out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonPatch in = (jakarta.json.JsonPatch)source(); + out = in.apply(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + jakarta.json.JsonPatch instance = null; + out = instance.apply(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonPatch in = (jakarta.json.JsonPatch)source(); + out = in.toJsonArray(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonReader in = (jakarta.json.JsonReader)source(); + out = in.read(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonReader in = (jakarta.json.JsonReader)source(); + out = in.readArray(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonObject out = null; + jakarta.json.JsonReader in = (jakarta.json.JsonReader)source(); + out = in.readObject(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonReader in = (jakarta.json.JsonReader)source(); + out = in.readValue(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonReader out = null; + Reader in = (Reader)source(); + jakarta.json.JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonReader out = null; + InputStream in = (InputStream)source(); + jakarta.json.JsonReaderFactory instance = null; + out = instance.createReader(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonReader out = null; + InputStream in = (InputStream)source(); + jakarta.json.JsonReaderFactory instance = null; + out = instance.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint" + CharSequence out = null; + jakarta.json.JsonString in = (jakarta.json.JsonString)source(); + out = in.getChars(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonString in = (jakarta.json.JsonString)source(); + out = in.getString(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + out = in.getValue(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonArray out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = in.asJsonArray(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonObject out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = in.asJsonObject(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonNumber in = (jakarta.json.JsonNumber)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + jakarta.json.JsonWriter out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" + jakarta.json.JsonWriter out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + out.write(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint" + jakarta.json.JsonWriter out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out.writeArray(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint" + jakarta.json.JsonWriter out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + out.writeObject(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + Writer out = null; + jakarta.json.JsonWriterFactory in = (jakarta.json.JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + jakarta.json.JsonWriterFactory in = (jakarta.json.JsonWriterFactory)source(); + in.createWriter(out, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + OutputStream out = null; + jakarta.json.JsonWriterFactory in = (jakarta.json.JsonWriterFactory)source(); + in.createWriter(out); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint" + javax.json.JsonArrayBuilder out = null; + Collection in = newWithElement(source()); + out = javax.json.Json.createArrayBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); + out = javax.json.Json.createArrayBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatch out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + out = javax.json.Json.createDiff(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatch out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + out = javax.json.Json.createDiff(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonMergePatch out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = javax.json.Json.createMergeDiff(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonMergePatch out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = javax.json.Json.createMergeDiff(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint" + javax.json.JsonMergePatch out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = javax.json.Json.createMergePatch(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); + out = javax.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint" + javax.json.JsonObjectBuilder out = null; + Map in = newWithMapKey(source()); + out = javax.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint" + javax.json.JsonObjectBuilder out = null; + Map in = newWithMapValue(source()); + out = javax.json.Json.createObjectBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createPatch;;;Argument[0];ReturnValue;taint" + javax.json.JsonPatch out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); + out = javax.json.Json.createPatch(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" + javax.json.JsonReader out = null; + Reader in = (Reader)source(); + out = javax.json.Json.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" + javax.json.JsonReader out = null; + InputStream in = (InputStream)source(); + out = javax.json.Json.createReader(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" + javax.json.JsonWriter out = null; + Writer in = (Writer)source(); + out = javax.json.Json.createWriter(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" + javax.json.JsonWriter out = null; + OutputStream in = (OutputStream)source(); + out = javax.json.Json.createWriter(in); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getBoolean(0, false); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getBoolean(0); sink(out); // $hasTaintFlow } @@ -47,21 +1325,21 @@ public class Test { // "javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value" boolean out = false; boolean in = (boolean)source(); - JsonArray instance = null; + javax.json.JsonArray instance = null; out = instance.getBoolean(0, in); sink(out); // $hasValueFlow } { // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getInt(0, 0); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getInt(0); sink(out); // $hasTaintFlow } @@ -69,49 +1347,49 @@ public class Test { // "javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value" int out = 0; int in = (int)source(); - JsonArray instance = null; + javax.json.JsonArray instance = null; out = instance.getInt(0, in); sink(out); // $hasValueFlow } { // "javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint" - JsonArray out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getJsonArray(0); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" - JsonNumber out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonNumber out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getJsonNumber(0); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint" - JsonObject out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonObject out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getJsonObject(0); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint" - JsonString out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonString out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getJsonString(0); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getString(0, null); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getString(0); sink(out); // $hasTaintFlow } @@ -119,392 +1397,567 @@ public class Test { // "javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value" String out = null; String in = (String)source(); - JsonArray instance = null; + javax.json.JsonArray instance = null; out = instance.getString(0, in); sink(out); // $hasValueFlow } { // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" List out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getValuesAs((Function)null); sink(out); // $hasTaintFlow } { // "javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint" List out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonArray in = (javax.json.JsonArray)source(); out = in.getValuesAs((Class)null); sink(out); // $hasTaintFlow } { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(false); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0L); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0.0); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, false); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, 0L); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, 0.0); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, 0); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (String)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (JsonValue)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (JsonObjectBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (JsonArrayBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (BigInteger)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0, (BigDecimal)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add(0); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((String)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((JsonValue)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((JsonObjectBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((JsonArrayBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((BigInteger)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out = in.add((BigDecimal)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - long in = (long)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, false); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, 0L); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, 0.0); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, 0); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (String)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (JsonValue)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (JsonObjectBuilder)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (JsonArrayBuilder)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (BigInteger)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in, (BigDecimal)null); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - int in = (int)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - double in = (double)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - boolean in = (boolean)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - String in = (String)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - JsonValue in = (JsonValue)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; - BigInteger in = (BigInteger)source(); - out.add(in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint" - JsonArrayBuilder out = null; + // "javax.json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; BigDecimal in = (BigDecimal)source(); out.add(in); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.add(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.add(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (javax.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (javax.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((javax.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((javax.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.add((BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.addAll(null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out.addAll(in); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); out = in.addNull(0); sink(out); // $hasValueFlow } { // "javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value" - JsonArrayBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); out = in.addNull(); sink(out); // $hasValueFlow } { // "javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint" - JsonArray out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); + javax.json.JsonArray out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); out = in.build(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.remove(0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, 0L); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, 0.0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (javax.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (javax.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (BigInteger)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.set(0, (BigDecimal)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + long in = (long)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + int in = (int)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + double in = (double)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + boolean in = (boolean)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + String in = (String)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + BigInteger in = (BigInteger)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint" + javax.json.JsonArrayBuilder out = null; + BigDecimal in = (BigDecimal)source(); + out.set(0, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value" + javax.json.JsonArrayBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out = in.setNull(0); + sink(out); // $hasValueFlow + } { // "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" BigDecimal out = null; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.bigDecimalValue(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint" BigInteger out = null; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.bigIntegerValue(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint" BigInteger out = null; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.bigIntegerValueExact(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint" double out = 0.0; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.doubleValue(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.intValue(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.intValueExact(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint" long out = 0L; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.longValue(); sink(out); // $hasTaintFlow } { // "javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint" long out = 0L; - JsonNumber in = (JsonNumber)source(); + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.longValueExact(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint" + Number out = null; + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); + out = in.numberValue(); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getBoolean(null, false); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getBoolean(null); sink(out); // $hasTaintFlow } @@ -512,21 +1965,21 @@ public class Test { // "javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value" boolean out = false; boolean in = (boolean)source(); - JsonObject instance = null; + javax.json.JsonObject instance = null; out = instance.getBoolean(null, in); sink(out); // $hasValueFlow } { // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getInt(null, 0); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint" int out = 0; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getInt(null); sink(out); // $hasTaintFlow } @@ -534,49 +1987,49 @@ public class Test { // "javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value" int out = 0; int in = (int)source(); - JsonObject instance = null; + javax.json.JsonObject instance = null; out = instance.getInt(null, in); sink(out); // $hasValueFlow } { // "javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint" - JsonArray out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonArray out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getJsonArray(null); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint" - JsonNumber out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonNumber out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getJsonNumber(null); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint" - JsonObject out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getJsonObject(null); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint" - JsonString out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonString out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getJsonString(null); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getString(null, null); sink(out); // $hasTaintFlow } { // "javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonObject in = (javax.json.JsonObject)source(); out = in.getString(null); sink(out); // $hasTaintFlow } @@ -584,276 +2037,348 @@ public class Test { // "javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value" String out = null; String in = (String)source(); - JsonObject instance = null; + javax.json.JsonObject instance = null; out = instance.getString(null, in); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, false); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, 0L); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, 0.0); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, 0); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out = in.add((String)null, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out = in.add((String)null, (javax.json.JsonObjectBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out = in.add((String)null, (javax.json.JsonArrayBuilder)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, (String)null); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); - out = in.add((String)null, (JsonValue)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); - out = in.add((String)null, (JsonObjectBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); - out = in.add((String)null, (JsonArrayBuilder)null); - sink(out); // $hasValueFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, (BigInteger)null); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.add((String)null, (BigDecimal)null); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; long in = (long)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonArrayBuilder in = (javax.json.JsonArrayBuilder)source(); + out.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" + javax.json.JsonObjectBuilder out = null; int in = (int)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; double in = (double)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; boolean in = (boolean)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; String in = (String)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; - JsonValue in = (JsonValue)source(); - out.add((String)null, in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); - out.add((String)null, in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; - JsonArrayBuilder in = (JsonArrayBuilder)source(); - out.add((String)null, in); - sink(out); // $hasTaintFlow - } - { - // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; BigInteger in = (BigInteger)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } { // "javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint" - JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder out = null; BigDecimal in = (BigDecimal)source(); out.add((String)null, in); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out = in.addAll(null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder instance = null; + out = instance.addAll(in); + sink(out); // $hasValueFlow + } { // "javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value" - JsonObjectBuilder out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.addNull(null); sink(out); // $hasValueFlow } { // "javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint" - JsonObject out = null; - JsonObjectBuilder in = (JsonObjectBuilder)source(); + javax.json.JsonObject out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); out = in.build(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonPatch in = (javax.json.JsonPatch)source(); + out = in.apply(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + javax.json.JsonPatch instance = null; + out = instance.apply(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint" + javax.json.JsonArray out = null; + javax.json.JsonPatch in = (javax.json.JsonPatch)source(); + out = in.toJsonArray(); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" - JsonStructure out = null; - JsonReader in = (JsonReader)source(); + javax.json.JsonStructure out = null; + javax.json.JsonReader in = (javax.json.JsonReader)source(); out = in.read(); sink(out); // $hasTaintFlow } { // "javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint" - JsonArray out = null; - JsonReader in = (JsonReader)source(); + javax.json.JsonArray out = null; + javax.json.JsonReader in = (javax.json.JsonReader)source(); out = in.readArray(); sink(out); // $hasTaintFlow } { // "javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint" - JsonObject out = null; - JsonReader in = (JsonReader)source(); + javax.json.JsonObject out = null; + javax.json.JsonReader in = (javax.json.JsonReader)source(); out = in.readObject(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonReader in = (javax.json.JsonReader)source(); + out = in.readValue(); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" - JsonReader out = null; + javax.json.JsonReader out = null; Reader in = (Reader)source(); - JsonReaderFactory instance = null; + javax.json.JsonReaderFactory instance = null; out = instance.createReader(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" - JsonReader out = null; + javax.json.JsonReader out = null; InputStream in = (InputStream)source(); - JsonReaderFactory instance = null; + javax.json.JsonReaderFactory instance = null; out = instance.createReader(in, null); sink(out); // $hasTaintFlow } { // "javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint" - JsonReader out = null; + javax.json.JsonReader out = null; InputStream in = (InputStream)source(); - JsonReaderFactory instance = null; + javax.json.JsonReaderFactory instance = null; out = instance.createReader(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint" CharSequence out = null; - JsonString in = (JsonString)source(); + javax.json.JsonString in = (javax.json.JsonString)source(); out = in.getChars(); sink(out); // $hasTaintFlow } { // "javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonString in = (JsonString)source(); + javax.json.JsonString in = (javax.json.JsonString)source(); out = in.getString(); sink(out); // $hasTaintFlow } { - // "javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint" + // "javax.json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + out = in.getValue(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint" + javax.json.JsonArray out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = in.asJsonArray(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint" + javax.json.JsonObject out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = in.asJsonObject(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint" String out = null; - JsonValue in = (JsonValue)source(); + javax.json.JsonValue in = (javax.json.JsonValue)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + javax.json.JsonNumber in = (javax.json.JsonNumber)source(); out = in.toString(); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" - JsonWriter out = null; - JsonValue in = (JsonValue)source(); + javax.json.JsonWriter out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); out.write(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint" - JsonWriter out = null; - JsonStructure in = (JsonStructure)source(); + javax.json.JsonWriter out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); out.write(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint" - JsonWriter out = null; - JsonArray in = (JsonArray)source(); + javax.json.JsonWriter out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); out.writeArray(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint" - JsonWriter out = null; - JsonObject in = (JsonObject)source(); + javax.json.JsonWriter out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); out.writeObject(in); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" Writer out = null; - JsonWriterFactory in = (JsonWriterFactory)source(); + javax.json.JsonWriterFactory in = (javax.json.JsonWriterFactory)source(); in.createWriter(out); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" OutputStream out = null; - JsonWriterFactory in = (JsonWriterFactory)source(); + javax.json.JsonWriterFactory in = (javax.json.JsonWriterFactory)source(); in.createWriter(out, null); sink(out); // $hasTaintFlow } { // "javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" OutputStream out = null; - JsonWriterFactory in = (JsonWriterFactory)source(); + javax.json.JsonWriterFactory in = (javax.json.JsonWriterFactory)source(); in.createWriter(out); sink(out); // $hasTaintFlow } diff --git a/java/ql/test/library-tests/frameworks/javax-json/options b/java/ql/test/library-tests/frameworks/javax-json/options index 7da95c7e5e3..c120050853f 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/options +++ b/java/ql/test/library-tests/frameworks/javax-json/options @@ -1 +1 @@ -//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/javax-json-api-1.1.4 +//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/javax-json-api-1.1.4:${testdir}/../../../stubs/jakarta-json-2.0.1 diff --git a/java/ql/test/library-tests/frameworks/javax-json/test.ql b/java/ql/test/library-tests/frameworks/javax-json/test.ql index 465161863cc..6158159e1e5 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/test.ql +++ b/java/ql/test/library-tests/frameworks/javax-json/test.ql @@ -1,6 +1,5 @@ import java import semmle.code.java.dataflow.DataFlow -import semmle.code.java.dataflow.ExternalFlow import semmle.code.java.dataflow.TaintTracking import TestUtilities.InlineExpectationsTest diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/Json.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/Json.java new file mode 100644 index 00000000000..2915ea69ed8 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/Json.java @@ -0,0 +1,72 @@ +// Generated automatically from jakarta.json.Json for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonArrayBuilder; +import jakarta.json.JsonBuilderFactory; +import jakarta.json.JsonMergePatch; +import jakarta.json.JsonNumber; +import jakarta.json.JsonObject; +import jakarta.json.JsonObjectBuilder; +import jakarta.json.JsonPatch; +import jakarta.json.JsonPatchBuilder; +import jakarta.json.JsonPointer; +import jakarta.json.JsonReader; +import jakarta.json.JsonReaderFactory; +import jakarta.json.JsonString; +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; +import jakarta.json.JsonWriter; +import jakarta.json.JsonWriterFactory; +import jakarta.json.stream.JsonGenerator; +import jakarta.json.stream.JsonGeneratorFactory; +import jakarta.json.stream.JsonParser; +import jakarta.json.stream.JsonParserFactory; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.Reader; +import java.io.Writer; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Collection; +import java.util.Map; + +public class Json +{ + protected Json() {} + public static JsonArrayBuilder createArrayBuilder(){ return null; } + public static JsonArrayBuilder createArrayBuilder(Collection p0){ return null; } + public static JsonArrayBuilder createArrayBuilder(JsonArray p0){ return null; } + public static JsonBuilderFactory createBuilderFactory(Map p0){ return null; } + public static JsonGenerator createGenerator(OutputStream p0){ return null; } + public static JsonGenerator createGenerator(Writer p0){ return null; } + public static JsonGeneratorFactory createGeneratorFactory(Map p0){ return null; } + public static JsonMergePatch createMergeDiff(JsonValue p0, JsonValue p1){ return null; } + public static JsonMergePatch createMergePatch(JsonValue p0){ return null; } + public static JsonNumber createValue(BigDecimal p0){ return null; } + public static JsonNumber createValue(BigInteger p0){ return null; } + public static JsonNumber createValue(double p0){ return null; } + public static JsonNumber createValue(int p0){ return null; } + public static JsonNumber createValue(long p0){ return null; } + public static JsonObjectBuilder createObjectBuilder(){ return null; } + public static JsonObjectBuilder createObjectBuilder(JsonObject p0){ return null; } + public static JsonObjectBuilder createObjectBuilder(Map p0){ return null; } + public static JsonParser createParser(InputStream p0){ return null; } + public static JsonParser createParser(Reader p0){ return null; } + public static JsonParserFactory createParserFactory(Map p0){ return null; } + public static JsonPatch createDiff(JsonStructure p0, JsonStructure p1){ return null; } + public static JsonPatch createPatch(JsonArray p0){ return null; } + public static JsonPatchBuilder createPatchBuilder(){ return null; } + public static JsonPatchBuilder createPatchBuilder(JsonArray p0){ return null; } + public static JsonPointer createPointer(String p0){ return null; } + public static JsonReader createReader(InputStream p0){ return null; } + public static JsonReader createReader(Reader p0){ return null; } + public static JsonReaderFactory createReaderFactory(Map p0){ return null; } + public static JsonString createValue(String p0){ return null; } + public static JsonWriter createWriter(OutputStream p0){ return null; } + public static JsonWriter createWriter(Writer p0){ return null; } + public static JsonWriterFactory createWriterFactory(Map p0){ return null; } + public static String decodePointer(String p0){ return null; } + public static String encodePointer(String p0){ return null; } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArray.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArray.java new file mode 100644 index 00000000000..ef6e2f82c59 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArray.java @@ -0,0 +1,28 @@ +// Generated automatically from jakarta.json.JsonArray for testing purposes + +package jakarta.json; + +import jakarta.json.JsonNumber; +import jakarta.json.JsonObject; +import jakarta.json.JsonString; +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; +import java.util.List; +import java.util.function.Function; + +public interface JsonArray extends JsonStructure, List +{ + List getValuesAs(Class p0); + JsonArray getJsonArray(int p0); + JsonNumber getJsonNumber(int p0); + JsonObject getJsonObject(int p0); + JsonString getJsonString(int p0); + String getString(int p0); + String getString(int p0, String p1); + boolean getBoolean(int p0); + boolean getBoolean(int p0, boolean p1); + boolean isNull(int p0); + default List getValuesAs(Function p0){ return null; } + int getInt(int p0); + int getInt(int p0, int p1); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArrayBuilder.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArrayBuilder.java new file mode 100644 index 00000000000..c1a482605d6 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonArrayBuilder.java @@ -0,0 +1,49 @@ +// Generated automatically from jakarta.json.JsonArrayBuilder for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObjectBuilder; +import jakarta.json.JsonValue; +import java.math.BigDecimal; +import java.math.BigInteger; + +public interface JsonArrayBuilder +{ + JsonArray build(); + JsonArrayBuilder add(BigDecimal p0); + JsonArrayBuilder add(BigInteger p0); + JsonArrayBuilder add(JsonArrayBuilder p0); + JsonArrayBuilder add(JsonObjectBuilder p0); + JsonArrayBuilder add(JsonValue p0); + JsonArrayBuilder add(String p0); + JsonArrayBuilder add(boolean p0); + JsonArrayBuilder add(double p0); + JsonArrayBuilder add(int p0); + JsonArrayBuilder add(long p0); + JsonArrayBuilder addNull(); + default JsonArrayBuilder add(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder add(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder add(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder add(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder add(int p0, String p1){ return null; } + default JsonArrayBuilder add(int p0, boolean p1){ return null; } + default JsonArrayBuilder add(int p0, double p1){ return null; } + default JsonArrayBuilder add(int p0, int p1){ return null; } + default JsonArrayBuilder add(int p0, long p1){ return null; } + default JsonArrayBuilder addAll(JsonArrayBuilder p0){ return null; } + default JsonArrayBuilder addNull(int p0){ return null; } + default JsonArrayBuilder remove(int p0){ return null; } + default JsonArrayBuilder set(int p0, BigDecimal p1){ return null; } + default JsonArrayBuilder set(int p0, BigInteger p1){ return null; } + default JsonArrayBuilder set(int p0, JsonArrayBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonObjectBuilder p1){ return null; } + default JsonArrayBuilder set(int p0, JsonValue p1){ return null; } + default JsonArrayBuilder set(int p0, String p1){ return null; } + default JsonArrayBuilder set(int p0, boolean p1){ return null; } + default JsonArrayBuilder set(int p0, double p1){ return null; } + default JsonArrayBuilder set(int p0, int p1){ return null; } + default JsonArrayBuilder set(int p0, long p1){ return null; } + default JsonArrayBuilder setNull(int p0){ return null; } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonBuilderFactory.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonBuilderFactory.java new file mode 100644 index 00000000000..e981195bc36 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonBuilderFactory.java @@ -0,0 +1,21 @@ +// Generated automatically from jakarta.json.JsonBuilderFactory for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonArrayBuilder; +import jakarta.json.JsonObject; +import jakarta.json.JsonObjectBuilder; +import java.util.Collection; +import java.util.Map; + +public interface JsonBuilderFactory +{ + JsonArrayBuilder createArrayBuilder(); + JsonObjectBuilder createObjectBuilder(); + Map getConfigInUse(); + default JsonArrayBuilder createArrayBuilder(Collection p0){ return null; } + default JsonArrayBuilder createArrayBuilder(JsonArray p0){ return null; } + default JsonObjectBuilder createObjectBuilder(JsonObject p0){ return null; } + default JsonObjectBuilder createObjectBuilder(Map p0){ return null; } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonMergePatch.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonMergePatch.java new file mode 100644 index 00000000000..36998bab2fc --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonMergePatch.java @@ -0,0 +1,11 @@ +// Generated automatically from jakarta.json.JsonMergePatch for testing purposes + +package jakarta.json; + +import jakarta.json.JsonValue; + +public interface JsonMergePatch +{ + JsonValue apply(JsonValue p0); + JsonValue toJsonValue(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonNumber.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonNumber.java new file mode 100644 index 00000000000..525ac277719 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonNumber.java @@ -0,0 +1,24 @@ +// Generated automatically from jakarta.json.JsonNumber for testing purposes + +package jakarta.json; + +import jakarta.json.JsonValue; +import java.math.BigDecimal; +import java.math.BigInteger; + +public interface JsonNumber extends JsonValue +{ + BigDecimal bigDecimalValue(); + BigInteger bigIntegerValue(); + BigInteger bigIntegerValueExact(); + String toString(); + boolean equals(Object p0); + boolean isIntegral(); + default Number numberValue(){ return null; } + double doubleValue(); + int hashCode(); + int intValue(); + int intValueExact(); + long longValue(); + long longValueExact(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObject.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObject.java new file mode 100644 index 00000000000..49ff08668aa --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObject.java @@ -0,0 +1,25 @@ +// Generated automatically from jakarta.json.JsonObject for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonNumber; +import jakarta.json.JsonString; +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; +import java.util.Map; + +public interface JsonObject extends JsonStructure, Map +{ + JsonArray getJsonArray(String p0); + JsonNumber getJsonNumber(String p0); + JsonObject getJsonObject(String p0); + JsonString getJsonString(String p0); + String getString(String p0); + String getString(String p0, String p1); + boolean getBoolean(String p0); + boolean getBoolean(String p0, boolean p1); + boolean isNull(String p0); + int getInt(String p0); + int getInt(String p0, int p1); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObjectBuilder.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObjectBuilder.java new file mode 100644 index 00000000000..5875588fb0d --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonObjectBuilder.java @@ -0,0 +1,27 @@ +// Generated automatically from jakarta.json.JsonObjectBuilder for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArrayBuilder; +import jakarta.json.JsonObject; +import jakarta.json.JsonValue; +import java.math.BigDecimal; +import java.math.BigInteger; + +public interface JsonObjectBuilder +{ + JsonObject build(); + JsonObjectBuilder add(String p0, BigDecimal p1); + JsonObjectBuilder add(String p0, BigInteger p1); + JsonObjectBuilder add(String p0, JsonArrayBuilder p1); + JsonObjectBuilder add(String p0, JsonObjectBuilder p1); + JsonObjectBuilder add(String p0, JsonValue p1); + JsonObjectBuilder add(String p0, String p1); + JsonObjectBuilder add(String p0, boolean p1); + JsonObjectBuilder add(String p0, double p1); + JsonObjectBuilder add(String p0, int p1); + JsonObjectBuilder add(String p0, long p1); + JsonObjectBuilder addNull(String p0); + default JsonObjectBuilder addAll(JsonObjectBuilder p0){ return null; } + default JsonObjectBuilder remove(String p0){ return null; } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatch.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatch.java new file mode 100644 index 00000000000..44530617a00 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatch.java @@ -0,0 +1,12 @@ +// Generated automatically from jakarta.json.JsonPatch for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonStructure; + +public interface JsonPatch +{ + T apply(T p0); + JsonArray toJsonArray(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatchBuilder.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatchBuilder.java new file mode 100644 index 00000000000..75cbc5e97d9 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPatchBuilder.java @@ -0,0 +1,26 @@ +// Generated automatically from jakarta.json.JsonPatchBuilder for testing purposes + +package jakarta.json; + +import jakarta.json.JsonPatch; +import jakarta.json.JsonValue; + +public interface JsonPatchBuilder +{ + JsonPatch build(); + JsonPatchBuilder add(String p0, JsonValue p1); + JsonPatchBuilder add(String p0, String p1); + JsonPatchBuilder add(String p0, boolean p1); + JsonPatchBuilder add(String p0, int p1); + JsonPatchBuilder copy(String p0, String p1); + JsonPatchBuilder move(String p0, String p1); + JsonPatchBuilder remove(String p0); + JsonPatchBuilder replace(String p0, JsonValue p1); + JsonPatchBuilder replace(String p0, String p1); + JsonPatchBuilder replace(String p0, boolean p1); + JsonPatchBuilder replace(String p0, int p1); + JsonPatchBuilder test(String p0, JsonValue p1); + JsonPatchBuilder test(String p0, String p1); + JsonPatchBuilder test(String p0, boolean p1); + JsonPatchBuilder test(String p0, int p1); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPointer.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPointer.java new file mode 100644 index 00000000000..dd2d5123624 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonPointer.java @@ -0,0 +1,16 @@ +// Generated automatically from jakarta.json.JsonPointer for testing purposes + +package jakarta.json; + +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; + +public interface JsonPointer +{ + T add(T p0, JsonValue p1); + T remove(T p0); + T replace(T p0, JsonValue p1); + JsonValue getValue(JsonStructure p0); + String toString(); + boolean containsValue(JsonStructure p0); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReader.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReader.java new file mode 100644 index 00000000000..1edbe7d16c8 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReader.java @@ -0,0 +1,18 @@ +// Generated automatically from jakarta.json.JsonReader for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObject; +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; +import java.io.Closeable; + +public interface JsonReader extends Closeable +{ + JsonArray readArray(); + JsonObject readObject(); + JsonStructure read(); + default JsonValue readValue(){ return null; } + void close(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReaderFactory.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReaderFactory.java new file mode 100644 index 00000000000..6d7292b6588 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonReaderFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from jakarta.json.JsonReaderFactory for testing purposes + +package jakarta.json; + +import jakarta.json.JsonReader; +import java.io.InputStream; +import java.io.Reader; +import java.nio.charset.Charset; +import java.util.Map; + +public interface JsonReaderFactory +{ + JsonReader createReader(InputStream p0); + JsonReader createReader(InputStream p0, Charset p1); + JsonReader createReader(Reader p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonString.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonString.java new file mode 100644 index 00000000000..007e5b3046f --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonString.java @@ -0,0 +1,13 @@ +// Generated automatically from jakarta.json.JsonString for testing purposes + +package jakarta.json; + +import jakarta.json.JsonValue; + +public interface JsonString extends JsonValue +{ + CharSequence getChars(); + String getString(); + boolean equals(Object p0); + int hashCode(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonStructure.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonStructure.java new file mode 100644 index 00000000000..cf2f54a2cae --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonStructure.java @@ -0,0 +1,10 @@ +// Generated automatically from jakarta.json.JsonStructure for testing purposes + +package jakarta.json; + +import jakarta.json.JsonValue; + +public interface JsonStructure extends JsonValue +{ + default JsonValue getValue(String p0){ return null; } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonValue.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonValue.java new file mode 100644 index 00000000000..93d581498f2 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonValue.java @@ -0,0 +1,24 @@ +// Generated automatically from jakarta.json.JsonValue for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObject; + +public interface JsonValue +{ + JsonValue.ValueType getValueType(); + String toString(); + default JsonArray asJsonArray(){ return null; } + default JsonObject asJsonObject(){ return null; } + static JsonArray EMPTY_JSON_ARRAY = null; + static JsonObject EMPTY_JSON_OBJECT = null; + static JsonValue FALSE = null; + static JsonValue NULL = null; + static JsonValue TRUE = null; + static public enum ValueType + { + ARRAY, FALSE, NULL, NUMBER, OBJECT, STRING, TRUE; + private ValueType() {} + } +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriter.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriter.java new file mode 100644 index 00000000000..17a60482a4c --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriter.java @@ -0,0 +1,18 @@ +// Generated automatically from jakarta.json.JsonWriter for testing purposes + +package jakarta.json; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObject; +import jakarta.json.JsonStructure; +import jakarta.json.JsonValue; +import java.io.Closeable; + +public interface JsonWriter extends Closeable +{ + default void write(JsonValue p0){} + void close(); + void write(JsonStructure p0); + void writeArray(JsonArray p0); + void writeObject(JsonObject p0); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriterFactory.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriterFactory.java new file mode 100644 index 00000000000..a1263a2d1cf --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/JsonWriterFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from jakarta.json.JsonWriterFactory for testing purposes + +package jakarta.json; + +import jakarta.json.JsonWriter; +import java.io.OutputStream; +import java.io.Writer; +import java.nio.charset.Charset; +import java.util.Map; + +public interface JsonWriterFactory +{ + JsonWriter createWriter(OutputStream p0); + JsonWriter createWriter(OutputStream p0, Charset p1); + JsonWriter createWriter(Writer p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGenerator.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGenerator.java new file mode 100644 index 00000000000..b2834bfca65 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGenerator.java @@ -0,0 +1,40 @@ +// Generated automatically from jakarta.json.stream.JsonGenerator for testing purposes + +package jakarta.json.stream; + +import jakarta.json.JsonValue; +import java.io.Closeable; +import java.io.Flushable; +import java.math.BigDecimal; +import java.math.BigInteger; + +public interface JsonGenerator extends Closeable, Flushable +{ + JsonGenerator write(BigDecimal p0); + JsonGenerator write(BigInteger p0); + JsonGenerator write(JsonValue p0); + JsonGenerator write(String p0); + JsonGenerator write(String p0, BigDecimal p1); + JsonGenerator write(String p0, BigInteger p1); + JsonGenerator write(String p0, JsonValue p1); + JsonGenerator write(String p0, String p1); + JsonGenerator write(String p0, boolean p1); + JsonGenerator write(String p0, double p1); + JsonGenerator write(String p0, int p1); + JsonGenerator write(String p0, long p1); + JsonGenerator write(boolean p0); + JsonGenerator write(double p0); + JsonGenerator write(int p0); + JsonGenerator write(long p0); + JsonGenerator writeEnd(); + JsonGenerator writeKey(String p0); + JsonGenerator writeNull(); + JsonGenerator writeNull(String p0); + JsonGenerator writeStartArray(); + JsonGenerator writeStartArray(String p0); + JsonGenerator writeStartObject(); + JsonGenerator writeStartObject(String p0); + static String PRETTY_PRINTING = null; + void close(); + void flush(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGeneratorFactory.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGeneratorFactory.java new file mode 100644 index 00000000000..5782aff17f2 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonGeneratorFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from jakarta.json.stream.JsonGeneratorFactory for testing purposes + +package jakarta.json.stream; + +import jakarta.json.stream.JsonGenerator; +import java.io.OutputStream; +import java.io.Writer; +import java.nio.charset.Charset; +import java.util.Map; + +public interface JsonGeneratorFactory +{ + JsonGenerator createGenerator(OutputStream p0); + JsonGenerator createGenerator(OutputStream p0, Charset p1); + JsonGenerator createGenerator(Writer p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonLocation.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonLocation.java new file mode 100644 index 00000000000..c1dcf832a61 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonLocation.java @@ -0,0 +1,11 @@ +// Generated automatically from jakarta.json.stream.JsonLocation for testing purposes + +package jakarta.json.stream; + + +public interface JsonLocation +{ + long getColumnNumber(); + long getLineNumber(); + long getStreamOffset(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParser.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParser.java new file mode 100644 index 00000000000..99c4895c055 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParser.java @@ -0,0 +1,38 @@ +// Generated automatically from jakarta.json.stream.JsonParser for testing purposes + +package jakarta.json.stream; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObject; +import jakarta.json.JsonValue; +import jakarta.json.stream.JsonLocation; +import java.io.Closeable; +import java.math.BigDecimal; +import java.util.Map; +import java.util.stream.Stream; + +public interface JsonParser extends Closeable +{ + BigDecimal getBigDecimal(); + JsonLocation getLocation(); + JsonParser.Event next(); + String getString(); + boolean hasNext(); + boolean isIntegralNumber(); + default JsonArray getArray(){ return null; } + default JsonObject getObject(){ return null; } + default JsonValue getValue(){ return null; } + default Stream getArrayStream(){ return null; } + default Stream getValueStream(){ return null; } + default Stream> getObjectStream(){ return null; } + default void skipArray(){} + default void skipObject(){} + int getInt(); + long getLong(); + static public enum Event + { + END_ARRAY, END_OBJECT, KEY_NAME, START_ARRAY, START_OBJECT, VALUE_FALSE, VALUE_NULL, VALUE_NUMBER, VALUE_STRING, VALUE_TRUE; + private Event() {} + } + void close(); +} diff --git a/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParserFactory.java b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParserFactory.java new file mode 100644 index 00000000000..b1e56f5f217 --- /dev/null +++ b/java/ql/test/stubs/jakarta-json-2.0.1/jakarta/json/stream/JsonParserFactory.java @@ -0,0 +1,21 @@ +// Generated automatically from jakarta.json.stream.JsonParserFactory for testing purposes + +package jakarta.json.stream; + +import jakarta.json.JsonArray; +import jakarta.json.JsonObject; +import jakarta.json.stream.JsonParser; +import java.io.InputStream; +import java.io.Reader; +import java.nio.charset.Charset; +import java.util.Map; + +public interface JsonParserFactory +{ + JsonParser createParser(InputStream p0); + JsonParser createParser(InputStream p0, Charset p1); + JsonParser createParser(JsonArray p0); + JsonParser createParser(JsonObject p0); + JsonParser createParser(Reader p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/Json.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/Json.java new file mode 100644 index 00000000000..ac13920ff16 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/Json.java @@ -0,0 +1,72 @@ +// Generated automatically from javax.json.Json for testing purposes + +package javax.json; + +import java.io.InputStream; +import java.io.OutputStream; +import java.io.Reader; +import java.io.Writer; +import java.math.BigDecimal; +import java.math.BigInteger; +import java.util.Collection; +import java.util.Map; +import javax.json.JsonArray; +import javax.json.JsonArrayBuilder; +import javax.json.JsonBuilderFactory; +import javax.json.JsonMergePatch; +import javax.json.JsonNumber; +import javax.json.JsonObject; +import javax.json.JsonObjectBuilder; +import javax.json.JsonPatch; +import javax.json.JsonPatchBuilder; +import javax.json.JsonPointer; +import javax.json.JsonReader; +import javax.json.JsonReaderFactory; +import javax.json.JsonString; +import javax.json.JsonStructure; +import javax.json.JsonValue; +import javax.json.JsonWriter; +import javax.json.JsonWriterFactory; +import javax.json.stream.JsonGenerator; +import javax.json.stream.JsonGeneratorFactory; +import javax.json.stream.JsonParser; +import javax.json.stream.JsonParserFactory; + +public class Json +{ + protected Json() {} + public static JsonArrayBuilder createArrayBuilder(){ return null; } + public static JsonArrayBuilder createArrayBuilder(Collection p0){ return null; } + public static JsonArrayBuilder createArrayBuilder(JsonArray p0){ return null; } + public static JsonBuilderFactory createBuilderFactory(Map p0){ return null; } + public static JsonGenerator createGenerator(OutputStream p0){ return null; } + public static JsonGenerator createGenerator(Writer p0){ return null; } + public static JsonGeneratorFactory createGeneratorFactory(Map p0){ return null; } + public static JsonMergePatch createMergeDiff(JsonValue p0, JsonValue p1){ return null; } + public static JsonMergePatch createMergePatch(JsonValue p0){ return null; } + public static JsonNumber createValue(BigDecimal p0){ return null; } + public static JsonNumber createValue(BigInteger p0){ return null; } + public static JsonNumber createValue(double p0){ return null; } + public static JsonNumber createValue(int p0){ return null; } + public static JsonNumber createValue(long p0){ return null; } + public static JsonObjectBuilder createObjectBuilder(){ return null; } + public static JsonObjectBuilder createObjectBuilder(JsonObject p0){ return null; } + public static JsonObjectBuilder createObjectBuilder(Map p0){ return null; } + public static JsonParser createParser(InputStream p0){ return null; } + public static JsonParser createParser(Reader p0){ return null; } + public static JsonParserFactory createParserFactory(Map p0){ return null; } + public static JsonPatch createDiff(JsonStructure p0, JsonStructure p1){ return null; } + public static JsonPatch createPatch(JsonArray p0){ return null; } + public static JsonPatchBuilder createPatchBuilder(){ return null; } + public static JsonPatchBuilder createPatchBuilder(JsonArray p0){ return null; } + public static JsonPointer createPointer(String p0){ return null; } + public static JsonReader createReader(InputStream p0){ return null; } + public static JsonReader createReader(Reader p0){ return null; } + public static JsonReaderFactory createReaderFactory(Map p0){ return null; } + public static JsonString createValue(String p0){ return null; } + public static JsonWriter createWriter(OutputStream p0){ return null; } + public static JsonWriter createWriter(Writer p0){ return null; } + public static JsonWriterFactory createWriterFactory(Map p0){ return null; } + public static String decodePointer(String p0){ return null; } + public static String encodePointer(String p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonBuilderFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonBuilderFactory.java new file mode 100644 index 00000000000..8e9ea3ef94d --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonBuilderFactory.java @@ -0,0 +1,21 @@ +// Generated automatically from javax.json.JsonBuilderFactory for testing purposes + +package javax.json; + +import java.util.Collection; +import java.util.Map; +import javax.json.JsonArray; +import javax.json.JsonArrayBuilder; +import javax.json.JsonObject; +import javax.json.JsonObjectBuilder; + +public interface JsonBuilderFactory +{ + JsonArrayBuilder createArrayBuilder(); + JsonObjectBuilder createObjectBuilder(); + Map getConfigInUse(); + default JsonArrayBuilder createArrayBuilder(Collection p0){ return null; } + default JsonArrayBuilder createArrayBuilder(JsonArray p0){ return null; } + default JsonObjectBuilder createObjectBuilder(JsonObject p0){ return null; } + default JsonObjectBuilder createObjectBuilder(Map p0){ return null; } +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonMergePatch.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonMergePatch.java new file mode 100644 index 00000000000..47216635429 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonMergePatch.java @@ -0,0 +1,11 @@ +// Generated automatically from javax.json.JsonMergePatch for testing purposes + +package javax.json; + +import javax.json.JsonValue; + +public interface JsonMergePatch +{ + JsonValue apply(JsonValue p0); + JsonValue toJsonValue(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatch.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatch.java new file mode 100644 index 00000000000..d6327929bd2 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatch.java @@ -0,0 +1,12 @@ +// Generated automatically from javax.json.JsonPatch for testing purposes + +package javax.json; + +import javax.json.JsonArray; +import javax.json.JsonStructure; + +public interface JsonPatch +{ + T apply(T p0); + JsonArray toJsonArray(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatchBuilder.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatchBuilder.java new file mode 100644 index 00000000000..2d36d418a2c --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPatchBuilder.java @@ -0,0 +1,26 @@ +// Generated automatically from javax.json.JsonPatchBuilder for testing purposes + +package javax.json; + +import javax.json.JsonPatch; +import javax.json.JsonValue; + +public interface JsonPatchBuilder +{ + JsonPatch build(); + JsonPatchBuilder add(String p0, JsonValue p1); + JsonPatchBuilder add(String p0, String p1); + JsonPatchBuilder add(String p0, boolean p1); + JsonPatchBuilder add(String p0, int p1); + JsonPatchBuilder copy(String p0, String p1); + JsonPatchBuilder move(String p0, String p1); + JsonPatchBuilder remove(String p0); + JsonPatchBuilder replace(String p0, JsonValue p1); + JsonPatchBuilder replace(String p0, String p1); + JsonPatchBuilder replace(String p0, boolean p1); + JsonPatchBuilder replace(String p0, int p1); + JsonPatchBuilder test(String p0, JsonValue p1); + JsonPatchBuilder test(String p0, String p1); + JsonPatchBuilder test(String p0, boolean p1); + JsonPatchBuilder test(String p0, int p1); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPointer.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPointer.java new file mode 100644 index 00000000000..756adcdad08 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/JsonPointer.java @@ -0,0 +1,15 @@ +// Generated automatically from javax.json.JsonPointer for testing purposes + +package javax.json; + +import javax.json.JsonStructure; +import javax.json.JsonValue; + +public interface JsonPointer +{ + T add(T p0, JsonValue p1); + T remove(T p0); + T replace(T p0, JsonValue p1); + JsonValue getValue(JsonStructure p0); + boolean containsValue(JsonStructure p0); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGenerator.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGenerator.java new file mode 100644 index 00000000000..9731a1cd94b --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGenerator.java @@ -0,0 +1,40 @@ +// Generated automatically from javax.json.stream.JsonGenerator for testing purposes + +package javax.json.stream; + +import java.io.Closeable; +import java.io.Flushable; +import java.math.BigDecimal; +import java.math.BigInteger; +import javax.json.JsonValue; + +public interface JsonGenerator extends Closeable, Flushable +{ + JsonGenerator write(BigDecimal p0); + JsonGenerator write(BigInteger p0); + JsonGenerator write(JsonValue p0); + JsonGenerator write(String p0); + JsonGenerator write(String p0, BigDecimal p1); + JsonGenerator write(String p0, BigInteger p1); + JsonGenerator write(String p0, JsonValue p1); + JsonGenerator write(String p0, String p1); + JsonGenerator write(String p0, boolean p1); + JsonGenerator write(String p0, double p1); + JsonGenerator write(String p0, int p1); + JsonGenerator write(String p0, long p1); + JsonGenerator write(boolean p0); + JsonGenerator write(double p0); + JsonGenerator write(int p0); + JsonGenerator write(long p0); + JsonGenerator writeEnd(); + JsonGenerator writeKey(String p0); + JsonGenerator writeNull(); + JsonGenerator writeNull(String p0); + JsonGenerator writeStartArray(); + JsonGenerator writeStartArray(String p0); + JsonGenerator writeStartObject(); + JsonGenerator writeStartObject(String p0); + static String PRETTY_PRINTING = null; + void close(); + void flush(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGeneratorFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGeneratorFactory.java new file mode 100644 index 00000000000..895c45eca2a --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonGeneratorFactory.java @@ -0,0 +1,17 @@ +// Generated automatically from javax.json.stream.JsonGeneratorFactory for testing purposes + +package javax.json.stream; + +import java.io.OutputStream; +import java.io.Writer; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.stream.JsonGenerator; + +public interface JsonGeneratorFactory +{ + JsonGenerator createGenerator(OutputStream p0); + JsonGenerator createGenerator(OutputStream p0, Charset p1); + JsonGenerator createGenerator(Writer p0); + Map getConfigInUse(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonLocation.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonLocation.java new file mode 100644 index 00000000000..015715d2316 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonLocation.java @@ -0,0 +1,11 @@ +// Generated automatically from javax.json.stream.JsonLocation for testing purposes + +package javax.json.stream; + + +public interface JsonLocation +{ + long getColumnNumber(); + long getLineNumber(); + long getStreamOffset(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParser.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParser.java new file mode 100644 index 00000000000..0a3ef16c158 --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParser.java @@ -0,0 +1,38 @@ +// Generated automatically from javax.json.stream.JsonParser for testing purposes + +package javax.json.stream; + +import java.io.Closeable; +import java.math.BigDecimal; +import java.util.Map; +import java.util.stream.Stream; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.JsonValue; +import javax.json.stream.JsonLocation; + +public interface JsonParser extends Closeable +{ + BigDecimal getBigDecimal(); + JsonLocation getLocation(); + JsonParser.Event next(); + String getString(); + boolean hasNext(); + boolean isIntegralNumber(); + default JsonArray getArray(){ return null; } + default JsonObject getObject(){ return null; } + default JsonValue getValue(){ return null; } + default Stream getArrayStream(){ return null; } + default Stream getValueStream(){ return null; } + default Stream> getObjectStream(){ return null; } + default void skipArray(){} + default void skipObject(){} + int getInt(); + long getLong(); + static public enum Event + { + END_ARRAY, END_OBJECT, KEY_NAME, START_ARRAY, START_OBJECT, VALUE_FALSE, VALUE_NULL, VALUE_NUMBER, VALUE_STRING, VALUE_TRUE; + private Event() {} + } + void close(); +} diff --git a/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParserFactory.java b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParserFactory.java new file mode 100644 index 00000000000..48661a5415a --- /dev/null +++ b/java/ql/test/stubs/javax-json-api-1.1.4/javax/json/stream/JsonParserFactory.java @@ -0,0 +1,21 @@ +// Generated automatically from javax.json.stream.JsonParserFactory for testing purposes + +package javax.json.stream; + +import java.io.InputStream; +import java.io.Reader; +import java.nio.charset.Charset; +import java.util.Map; +import javax.json.JsonArray; +import javax.json.JsonObject; +import javax.json.stream.JsonParser; + +public interface JsonParserFactory +{ + JsonParser createParser(InputStream p0); + JsonParser createParser(InputStream p0, Charset p1); + JsonParser createParser(JsonArray p0); + JsonParser createParser(JsonObject p0); + JsonParser createParser(Reader p0); + Map getConfigInUse(); +} From 6bf931392be21a792b803d5432a4024ea4cd2af3 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Mon, 12 Jul 2021 17:13:39 +0100 Subject: [PATCH 3/7] Add missing model of JsonObjectBuilder.remove --- .../src/semmle/code/java/frameworks/JavaxJson.qll | 1 + .../library-tests/frameworks/javax-json/Test.java | 14 ++++++++++++++ 2 files changed, 15 insertions(+) diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index 622ac550e37..d5ddf9f6f6c 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -86,6 +86,7 @@ private class FlowSummaries extends SummaryModelCsv { "JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value", "JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", "JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value", "JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint", "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint", "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint", diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java index 6a9a140e37f..b686333aa5e 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/Test.java +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -1030,6 +1030,13 @@ public class Test { out = in.build(); sink(out); // $hasTaintFlow } + { + // "jakarta.json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonObjectBuilder out = null; + jakarta.json.JsonObjectBuilder in = (jakarta.json.JsonObjectBuilder)source(); + out = in.remove(null); + sink(out); // $hasValueFlow + } { // "jakarta.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint" jakarta.json.JsonStructure out = null; @@ -2210,6 +2217,13 @@ public class Test { out = in.build(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value" + javax.json.JsonObjectBuilder out = null; + javax.json.JsonObjectBuilder in = (javax.json.JsonObjectBuilder)source(); + out = in.remove(null); + sink(out); // $hasValueFlow + } { // "javax.json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint" javax.json.JsonStructure out = null; From 539859497b47f468dfb94fdfec74a2cdc23debf6 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Mon, 12 Jul 2021 17:39:51 +0100 Subject: [PATCH 4/7] Add models of JsonMergePatch, JsonPatchBuilder and JsonPointer --- .../semmle/code/java/frameworks/JavaxJson.qll | 25 +++++++++++++++++++ 1 file changed, 25 insertions(+) diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index d5ddf9f6f6c..cc1b9ccf9f7 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -19,7 +19,10 @@ private class FlowSummaries extends SummaryModelCsv { "Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint", "Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint", "Json;false;createPatch;;;Argument[0];ReturnValue;taint", + "Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint", + "Json;false;createPointer;;;Argument[0];ReturnValue;taint", "Json;false;createReader;;;Argument[0];ReturnValue;taint", + "Json;false;createValue;;;Argument[0];ReturnValue;taint", "Json;false;createWriter;;;Argument[0];ReturnValue;taint", "JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", "JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", @@ -61,6 +64,9 @@ private class FlowSummaries extends SummaryModelCsv { "JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint", "JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value", "JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value", + "JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint", + "JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint", + "JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint", "JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", "JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", "JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", @@ -91,6 +97,25 @@ private class FlowSummaries extends SummaryModelCsv { "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint", "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint", "JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint", + "JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint", + "JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value", + "JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint", + "JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint", + "JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value", + "JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint", + "JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value", + "JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint", + "JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value", + "JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint", + "JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value", + "JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint", + "JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value", + "JsonPointer;false;add;;;Argument[-1];ReturnValue;taint", + "JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint", + "JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint", + "JsonPointer;false;remove;;;Argument[0];ReturnValue;taint", + "JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint", + "JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint", "JsonReader;false;read;;;Argument[-1];ReturnValue;taint", "JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", "JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", From cc4401b45314ba6ae23840c6fb7aab8ac1000c96 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Mon, 12 Jul 2021 18:08:45 +0100 Subject: [PATCH 5/7] Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder --- .../semmle/code/java/frameworks/JavaxJson.qll | 244 ++-- .../frameworks/javax-json/Test.java | 1053 ++++++++++++++++- 2 files changed, 1169 insertions(+), 128 deletions(-) diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index cc1b9ccf9f7..b361343451e 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -8,129 +8,129 @@ private import semmle.code.java.dataflow.ExternalFlow private class FlowSummaries extends SummaryModelCsv { override predicate row(string row) { row = - ["javax", "jakarta"] + ".json;" + + ["javax", "jakarta"] + [ - "Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint", - "Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint", - "Json;false;createDiff;;;Argument[0..1];ReturnValue;taint", - "Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint", - "Json;false;createMergePatch;;;Argument[0];ReturnValue;taint", - "Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint", - "Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint", - "Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint", - "Json;false;createPatch;;;Argument[0];ReturnValue;taint", - "Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint", - "Json;false;createPointer;;;Argument[0];ReturnValue;taint", - "Json;false;createReader;;;Argument[0];ReturnValue;taint", - "Json;false;createValue;;;Argument[0];ReturnValue;taint", - "Json;false;createWriter;;;Argument[0];ReturnValue;taint", - "JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", - "JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getInt;;;Argument[1];ReturnValue;value", - "JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", - "JsonArray;false;getString;;;Argument[1];ReturnValue;value", - "JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", - "JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", - "JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint", - "JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value", - "JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", - "JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", - "JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value", - "JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint", - "JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value", - "JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value", - "JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint", - "JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint", - "JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", - "JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", - "JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getInt;;;Argument[1];ReturnValue;value", - "JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", - "JsonObject;false;getString;;;Argument[1];ReturnValue;value", - "JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", - "JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", - "JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value", - "JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value", - "JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", - "JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", - "JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value", - "JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint", - "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint", - "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint", - "JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint", - "JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint", - "JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value", - "JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint", - "JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint", - "JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value", - "JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint", - "JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value", - "JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint", - "JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value", - "JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint", - "JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value", - "JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint", - "JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value", - "JsonPointer;false;add;;;Argument[-1];ReturnValue;taint", - "JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint", - "JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint", - "JsonPointer;false;remove;;;Argument[0];ReturnValue;taint", - "JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint", - "JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint", - "JsonReader;false;read;;;Argument[-1];ReturnValue;taint", - "JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", - "JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", - "JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint", - "JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", - "JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", - "JsonString;false;getString;;;Argument[-1];ReturnValue;taint", - "JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint", - "JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint", - "JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint", - "JsonValue;true;toString;;;Argument[-1];ReturnValue;taint", - "JsonWriter;false;write;;;Argument[0];Argument[-1];taint", - "JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", - "JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", - "JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint" + ".json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint", + ".json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint", + ".json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint", + ".json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint", + ".json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint", + ".json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint", + ".json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint", + ".json;Json;false;createPatch;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createPointer;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint", + ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint", + ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", + ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value", + ".json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint", + ".json;JsonArray;false;getString;;;Argument[1];ReturnValue;value", + ".json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint", + ".json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value", + ".json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint", + ".json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value", + ".json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + ".json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint", + ".json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value", + ".json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint", + ".json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value", + ".json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value", + ".json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint", + ".json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint", + ".json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint", + ".json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value", + ".json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value", + ".json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint", + ".json;JsonObject;false;getString;;;Argument[1];ReturnValue;value", + ".json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value", + ".json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint", + ".json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value", + ".json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value", + ".json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value", + ".json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint", + ".json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value", + ".json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint", + ".json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint", + ".json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value", + ".json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value", + ".json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value", + ".json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint", + ".json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value", + ".json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value", + ".json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value", + ".json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint", + ".json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint", + ".json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint", + ".json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint", + ".json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint", + ".json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint", + ".json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint", + ".json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint", + ".json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint", + ".json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint", + ".json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint", + ".json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint", + ".json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint", + ".json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint", + ".json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint", + ".json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint", + ".json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint", + ".json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint", + ".json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint", + ".json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" ] } } diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java index b686333aa5e..a4366387591 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/Test.java +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -22,10 +22,50 @@ public class Test { public void test() { + { + // "jakarta.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + jakarta.json.stream.JsonParser out = null; + jakarta.json.JsonObject in = (jakarta.json.JsonObject)source(); + jakarta.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + jakarta.json.stream.JsonParser out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + jakarta.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + jakarta.json.stream.JsonParser out = null; + Reader in = (Reader)source(); + jakarta.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + jakarta.json.stream.JsonParser out = null; + InputStream in = (InputStream)source(); + jakarta.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + jakarta.json.stream.JsonParser out = null; + InputStream in = (InputStream)source(); + jakarta.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } { // "jakarta.json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint" jakarta.json.JsonArrayBuilder out = null; - Collection in = newWithElement(source()); + Collection in = (Collection)newWithElement(source()); out = jakarta.json.Json.createArrayBuilder(in); sink(out); // $hasTaintFlow } @@ -81,14 +121,14 @@ public class Test { { // "jakarta.json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint" jakarta.json.JsonObjectBuilder out = null; - Map in = newWithMapKey(source()); + Map in = (Map)newWithMapKey(source()); out = jakarta.json.Json.createObjectBuilder(in); sink(out); // $hasTaintFlow } { // "jakarta.json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint" jakarta.json.JsonObjectBuilder out = null; - Map in = newWithMapValue(source()); + Map in = (Map)newWithMapValue(source()); out = jakarta.json.Json.createObjectBuilder(in); sink(out); // $hasTaintFlow } @@ -99,6 +139,20 @@ public class Test { out = jakarta.json.Json.createPatch(in); sink(out); // $hasTaintFlow } + { + // "jakarta.json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonArray in = (jakarta.json.JsonArray)source(); + out = jakarta.json.Json.createPatchBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createPointer;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonPointer out = null; + String in = (String)source(); + out = jakarta.json.Json.createPointer(in); + sink(out); // $hasTaintFlow + } { // "jakarta.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" jakarta.json.JsonReader out = null; @@ -113,6 +167,48 @@ public class Test { out = jakarta.json.Json.createReader(in); sink(out); // $hasTaintFlow } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonString out = null; + String in = (String)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + long in = (long)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + int in = (int)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + double in = (double)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + BigInteger in = (BigInteger)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonNumber out = null; + BigDecimal in = (BigDecimal)source(); + out = jakarta.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } { // "jakarta.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" jakarta.json.JsonWriter out = null; @@ -704,6 +800,28 @@ public class Test { out = in.setNull(0); sink(out); // $hasValueFlow } + { + // "jakarta.json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonMergePatch in = (jakarta.json.JsonMergePatch)source(); + out = in.apply(null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonMergePatch instance = null; + out = instance.apply(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonMergePatch in = (jakarta.json.JsonMergePatch)source(); + out = in.toJsonValue(); + sink(out); // $hasTaintFlow + } { // "jakarta.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" BigDecimal out = null; @@ -1059,6 +1177,412 @@ public class Test { out = in.toJsonArray(); sink(out); // $hasTaintFlow } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.add((String)null, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.add((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.add((String)null, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.add((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + int in = (int)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add(in, false); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add(in, 0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add(in, (jakarta.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonPatch out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.copy(null, null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.copy(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.copy(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.move(null, null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.move(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.move(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.remove(null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.remove(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.replace((String)null, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.replace((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.replace((String)null, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.replace((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + int in = (int)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace(in, false); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace(in, 0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace(in, (jakarta.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.test((String)null, false); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.test((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.test((String)null, (jakarta.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonPatchBuilder in = (jakarta.json.JsonPatchBuilder)source(); + out = in.test((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + int in = (int)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test(in, false); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test(in, 0); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test(in, (jakarta.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonPatchBuilder out = null; + String in = (String)source(); + jakarta.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonPointer in = (jakarta.json.JsonPointer)source(); + out = in.add(null, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonPointer instance = null; + out = instance.add(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + jakarta.json.JsonPointer instance = null; + out = instance.add(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonValue out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + jakarta.json.JsonPointer instance = null; + out = instance.getValue(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + jakarta.json.JsonPointer instance = null; + out = instance.remove(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonValue in = (jakarta.json.JsonValue)source(); + jakarta.json.JsonPointer instance = null; + out = instance.replace(null, in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint" + jakarta.json.JsonStructure out = null; + jakarta.json.JsonStructure in = (jakarta.json.JsonStructure)source(); + jakarta.json.JsonPointer instance = null; + out = instance.replace(in, null); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint" + String out = null; + jakarta.json.JsonPointer in = (jakarta.json.JsonPointer)source(); + out = in.toString(); + sink(out); // $hasTaintFlow + } { // "jakarta.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" jakarta.json.JsonStructure out = null; @@ -1209,10 +1733,50 @@ public class Test { in.createWriter(out); sink(out); // $hasTaintFlow } + { + // "javax.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + javax.json.stream.JsonParser out = null; + javax.json.JsonObject in = (javax.json.JsonObject)source(); + javax.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + javax.json.stream.JsonParser out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); + javax.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + javax.json.stream.JsonParser out = null; + Reader in = (Reader)source(); + javax.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + javax.json.stream.JsonParser out = null; + InputStream in = (InputStream)source(); + javax.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint" + javax.json.stream.JsonParser out = null; + InputStream in = (InputStream)source(); + javax.json.stream.JsonParserFactory instance = null; + out = instance.createParser(in); + sink(out); // $hasTaintFlow + } { // "javax.json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint" javax.json.JsonArrayBuilder out = null; - Collection in = newWithElement(source()); + Collection in = (Collection)newWithElement(source()); out = javax.json.Json.createArrayBuilder(in); sink(out); // $hasTaintFlow } @@ -1268,14 +1832,14 @@ public class Test { { // "javax.json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint" javax.json.JsonObjectBuilder out = null; - Map in = newWithMapKey(source()); + Map in = (Map)newWithMapKey(source()); out = javax.json.Json.createObjectBuilder(in); sink(out); // $hasTaintFlow } { // "javax.json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint" javax.json.JsonObjectBuilder out = null; - Map in = newWithMapValue(source()); + Map in = (Map)newWithMapValue(source()); out = javax.json.Json.createObjectBuilder(in); sink(out); // $hasTaintFlow } @@ -1286,6 +1850,20 @@ public class Test { out = javax.json.Json.createPatch(in); sink(out); // $hasTaintFlow } + { + // "javax.json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonArray in = (javax.json.JsonArray)source(); + out = javax.json.Json.createPatchBuilder(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createPointer;;;Argument[0];ReturnValue;taint" + javax.json.JsonPointer out = null; + String in = (String)source(); + out = javax.json.Json.createPointer(in); + sink(out); // $hasTaintFlow + } { // "javax.json;Json;false;createReader;;;Argument[0];ReturnValue;taint" javax.json.JsonReader out = null; @@ -1300,6 +1878,48 @@ public class Test { out = javax.json.Json.createReader(in); sink(out); // $hasTaintFlow } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonString out = null; + String in = (String)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonNumber out = null; + long in = (long)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonNumber out = null; + int in = (int)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonNumber out = null; + double in = (double)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonNumber out = null; + BigInteger in = (BigInteger)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;createValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonNumber out = null; + BigDecimal in = (BigDecimal)source(); + out = javax.json.Json.createValue(in); + sink(out); // $hasTaintFlow + } { // "javax.json;Json;false;createWriter;;;Argument[0];ReturnValue;taint" javax.json.JsonWriter out = null; @@ -1891,6 +2511,28 @@ public class Test { out = in.setNull(0); sink(out); // $hasValueFlow } + { + // "javax.json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonMergePatch in = (javax.json.JsonMergePatch)source(); + out = in.apply(null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonMergePatch instance = null; + out = instance.apply(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonMergePatch in = (javax.json.JsonMergePatch)source(); + out = in.toJsonValue(); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint" BigDecimal out = null; @@ -2246,6 +2888,405 @@ public class Test { out = in.toJsonArray(); sink(out); // $hasTaintFlow } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.add((String)null, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.add((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.add((String)null, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.add((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + int in = (int)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add(in, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add(in, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add(in, (javax.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.add((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint" + javax.json.JsonPatch out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.build(); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.copy(null, null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.copy(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.copy(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.move(null, null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.move(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.move(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.remove(null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.remove(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.replace((String)null, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.replace((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.replace((String)null, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.replace((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + int in = (int)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace(in, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace(in, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace(in, (javax.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.replace((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.test((String)null, false); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.test((String)null, 0); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.test((String)null, (javax.json.JsonValue)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonPatchBuilder in = (javax.json.JsonPatchBuilder)source(); + out = in.test((String)null, (String)null); + sink(out); // $hasValueFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + int in = (int)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + boolean in = (boolean)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test(in, false); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test(in, 0); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test(in, (javax.json.JsonValue)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test(in, (String)null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonPatchBuilder out = null; + String in = (String)source(); + javax.json.JsonPatchBuilder instance = null; + out = instance.test((String)null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonPointer in = (javax.json.JsonPointer)source(); + out = in.add(null, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonPointer instance = null; + out = instance.add(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + javax.json.JsonPointer instance = null; + out = instance.add(in, null); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint" + javax.json.JsonValue out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + javax.json.JsonPointer instance = null; + out = instance.getValue(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + javax.json.JsonPointer instance = null; + out = instance.remove(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonValue in = (javax.json.JsonValue)source(); + javax.json.JsonPointer instance = null; + out = instance.replace(null, in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint" + javax.json.JsonStructure out = null; + javax.json.JsonStructure in = (javax.json.JsonStructure)source(); + javax.json.JsonPointer instance = null; + out = instance.replace(in, null); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint" javax.json.JsonStructure out = null; From 2bd58d6ba72da346852bcbb858830509d5ed5e40 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Mon, 12 Jul 2021 18:09:23 +0100 Subject: [PATCH 6/7] Improve header comment --- java/ql/src/semmle/code/java/frameworks/JavaxJson.qll | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index b361343451e..6a6d819ccf1 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -1,5 +1,5 @@ /** - * Provides models for the `javax.json` package. + * Provides models for the `javax.json` and `jakarta.json` packages. */ import java From 78fe0f810a3ef56f006d3cc5d44f6c60e5fd1657 Mon Sep 17 00:00:00 2001 From: Chris Smowton Date: Tue, 13 Jul 2021 11:10:46 +0100 Subject: [PATCH 7/7] Add models for decode/encodePointer methods --- .../semmle/code/java/frameworks/JavaxJson.qll | 2 ++ .../frameworks/javax-json/Test.java | 28 +++++++++++++++++++ 2 files changed, 30 insertions(+) diff --git a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll index 6a6d819ccf1..ea7983a6202 100644 --- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll +++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll @@ -24,6 +24,8 @@ private class FlowSummaries extends SummaryModelCsv { ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint", ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint", ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint", + ".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint", + ".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint", ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", diff --git a/java/ql/test/library-tests/frameworks/javax-json/Test.java b/java/ql/test/library-tests/frameworks/javax-json/Test.java index a4366387591..db659ee336c 100644 --- a/java/ql/test/library-tests/frameworks/javax-json/Test.java +++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java @@ -223,6 +223,20 @@ public class Test { out = jakarta.json.Json.createWriter(in); sink(out); // $hasTaintFlow } + { + // "jakarta.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint" + String out = null; + String in = (String)source(); + out = jakarta.json.Json.decodePointer(in); + sink(out); // $hasTaintFlow + } + { + // "jakarta.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint" + String out = null; + String in = (String)source(); + out = jakarta.json.Json.encodePointer(in); + sink(out); // $hasTaintFlow + } { // "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false; @@ -1934,6 +1948,20 @@ public class Test { out = javax.json.Json.createWriter(in); sink(out); // $hasTaintFlow } + { + // "javax.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint" + String out = null; + String in = (String)source(); + out = javax.json.Json.decodePointer(in); + sink(out); // $hasTaintFlow + } + { + // "javax.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint" + String out = null; + String in = (String)source(); + out = javax.json.Json.encodePointer(in); + sink(out); // $hasTaintFlow + } { // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" boolean out = false;