hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 17:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into atorralba/java/command-injection-mad-sinks

Browse Source
This commit is contained in:
Tony Torralba
2023-06-02 08:57:24 +02:00
committed by GitHub
parent a276cc3094 84a7b3ca52
commit c3b1ef2cdf
652 changed files with 20081 additions and 5057 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/test/ext/TestModels/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]

2
java/ql/test/kotlin/library-tests/dataflow/notnullexpr/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["", "Uri", False, "getQueryParameter", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]

2
java/ql/test/kotlin/library-tests/dataflow/whenexpr/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["", "Uri", False, "getQueryParameter", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]

3
java/ql/test/library-tests/dataflow/callback-dispatch/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["my.callback.qltest", "A", False, "applyConsumer1", "(Object,Consumer1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
@@ -15,4 +15,3 @@ extensions:
- ["my.callback.qltest", "A", False, "produceConsume", "(Producer1,Consumer3)", "", "Argument[1].Parameter[0]", "ReturnValue", "value", "manual"]
- ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[0]", "Argument[1].Parameter[0]", "value", "manual"]
- ["my.callback.qltest", "A", False, "applyConverter1", "(Object,Converter1)", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/dataflow/collections/containerflow.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["", "B", False, "readElement", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/dataflow/external-models/sinks.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: sinkModel
data:
- ["my.qltest", "B", False, "sink1", "(Object)", "", "Argument[0]", "qltest", "manual"]

2
java/ql/test/library-tests/dataflow/external-models/srcs.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: sourceModel
data:
- ["my.qltest", "A", False, "src1", "()", "", "ReturnValue", "qltest", "manual"]

2
java/ql/test/library-tests/dataflow/external-models/steps.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["my.qltest", "C", False, "stepArgRes", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

2
java/ql/test/library-tests/dataflow/synth-global/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["my.qltest.synth", "A", False, "storeInArray", "(String)", "", "Argument[0]", "SyntheticGlobal[db1].ArrayElement", "value", "manual"]

38
java/ql/test/library-tests/dataflow/taint-gson/Test.java Normal file
View File

@@ -0,0 +1,38 @@
import com.google.gson.Gson;
public class Test {
public static class Potato {
private String name;
private Potato inner;
private Object object;
private String getName() {
return name;
}
private Potato getInner() {
return inner;
}
private Object getObject() {
return object;
}
}
public static String source() {
return "";
}
public static void sink(Object any) {}
public static void gsonfromJson() throws Exception {
String s = source();
Potato tainted = new Gson().fromJson(s, Potato.class);
sink(tainted); // $ hasTaintFlow
sink(tainted.getName()); // $ hasTaintFlow
sink(tainted.getInner()); // $ hasTaintFlow
sink(tainted.getInner().getName()); // $ hasTaintFlow
sink(tainted.getObject()); // $ hasTaintFlow
}
}

0
java/ql/test/library-tests/dataflow/taint-gson/dataFlow.expected Normal file
View File

2
java/ql/test/library-tests/dataflow/taint-gson/dataFlow.ql Normal file
View File

@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest

1
java/ql/test/library-tests/dataflow/taint-gson/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/gson-2.8.6

25
java/ql/test/library-tests/dataflow/taintsources/PlayMvc.java Normal file
View File

@@ -0,0 +1,25 @@
import play.mvc.Http;
public class PlayMvc {
private Http.Request request;
private Http.RequestHeader header;
private static void sink(Object o) {}
public void test() throws Exception {
sink(request.body()); // $ hasRemoteValueFlow
sink(header.cookie(null)); // $ hasRemoteValueFlow
sink(header.cookies()); // $ hasRemoteValueFlow
sink(header.getHeader(null)); // $ hasRemoteValueFlow
sink(header.getHeaders()); // $ hasRemoteValueFlow
sink(header.getQueryString(null)); // $ hasRemoteValueFlow
sink(header.header(null)); // $ hasRemoteValueFlow
sink(header.headers()); // $ hasRemoteValueFlow
sink(header.host()); // $ hasRemoteValueFlow
sink(header.path()); // $ hasRemoteValueFlow
sink(header.queryString()); // $ hasRemoteValueFlow
sink(header.remoteAddress()); // $ hasRemoteValueFlow
sink(header.uri()); // $ hasRemoteValueFlow
}
}

2
java/ql/test/library-tests/frameworks/android/content-provider-summaries/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/android/intent/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newBundleWithMapValue", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/android/notification/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getMapKeyDefault", "(Bundle)", "", "Argument[0].MapKey", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/apache-collections/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newRBWithMapValue", "", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/apache-http/flow.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Client", False, "getURIBuilder_pathDefault", "(Object)", "", "Argument[0].SyntheticField[org.apache.http.client.utils.URIBuilder.path]", "ReturnValue", "taint", "manual"]

468
java/ql/test/library-tests/frameworks/gson/Test.java Normal file
View File

@@ -0,0 +1,468 @@
package generatedtest;
import com.google.gson.Gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import com.google.gson.reflect.TypeToken;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Type;
import java.util.List;
import java.util.Map;
import java.util.Set;
// Test case generated by GenerateFlowTestCase.ql
public class Test {
<K> K getMapKey(Map<K,?> map) { return map.keySet().iterator().next(); }
<T> T getElement(Iterable<T> it) { return it.iterator().next(); }
<V> V getMapValue(Map<?,V> map) { return map.get(null); }
String getMapKeyDefault(JsonObject container) { return container.keySet().iterator().next(); }
<K> K getMapKeyDefault(Map.Entry<K,?> container) { return container.getKey(); }
JsonElement getMapValueDefault(JsonObject container) { return container.get(null); }
<V> V getMapValueDefault(Map.Entry<?,V> container) { return container.getValue(); }
JsonArray newWithElementDefault(String element) { JsonArray a = new JsonArray(); a.add(element); return a; }
JsonObject newWithMapKeyDefault(String key) { JsonObject o = new JsonObject(); o.add(key, (JsonElement) null); return o; }
JsonObject newWithMapValueDefault(JsonElement element) { JsonObject o = new JsonObject(); o.add(null, element); return o; }
Object source() { return null; }
void sink(Object o) { }
public void test() throws Exception {
{
// "com.google.gson.stream;JsonReader;false;nextName;;;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonReader in = (JsonReader)source();
out = in.nextName();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson.stream;JsonReader;false;nextString;;;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonReader in = (JsonReader)source();
out = in.nextString();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
out = instance.fromJson(in, (Class)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
out = instance.fromJson(in, (Type)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
out = instance.fromJson(in, (TypeToken)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
JsonReader in = (JsonReader)source();
Gson instance = null;
out = instance.fromJson(in, (Type)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
JsonReader in = (JsonReader)source();
Gson instance = null;
out = instance.fromJson(in, (TypeToken)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
Reader in = (Reader)source();
Gson instance = null;
out = instance.fromJson(in, (Class)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
Reader in = (Reader)source();
Gson instance = null;
out = instance.fromJson(in, (Type)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
Reader in = (Reader)source();
Gson instance = null;
out = instance.fromJson(in, (TypeToken)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
String in = (String)source();
Gson instance = null;
out = instance.fromJson(in, (Class)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
String in = (String)source();
Gson instance = null;
out = instance.fromJson(in, (Type)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;fromJson;;;Argument[0];ReturnValue;taint;manual"
Object out = null;
String in = (String)source();
Gson instance = null;
out = instance.fromJson(in, (TypeToken)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;newJsonReader;;;Argument[0];ReturnValue;taint;manual"
JsonReader out = null;
Reader in = (Reader)source();
Gson instance = null;
out = instance.newJsonReader(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;newJsonWriter;;;Argument[0];ReturnValue;taint;manual"
JsonWriter out = null;
Writer in = (Writer)source();
Gson instance = null;
out = instance.newJsonWriter(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(JsonElement);;Argument[0];ReturnValue;taint;manual"
String out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
out = instance.toJson(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(JsonElement,Appendable);;Argument[0];Argument[1];taint;manual"
Appendable out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
instance.toJson(in, out);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(JsonElement,JsonWriter);;Argument[0];Argument[1];taint;manual"
JsonWriter out = null;
JsonElement in = (JsonElement)source();
Gson instance = null;
instance.toJson(in, out);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(Object);;Argument[0];ReturnValue;taint;manual"
String out = null;
Object in = (Object)source();
Gson instance = null;
out = instance.toJson(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(Object,Appendable);;Argument[0];Argument[1];taint;manual"
Appendable out = null;
Object in = (Object)source();
Gson instance = null;
instance.toJson(in, out);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(Object,Type);;Argument[0];ReturnValue;taint;manual"
String out = null;
Object in = (Object)source();
Gson instance = null;
out = instance.toJson(in, (Type)null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(Object,Type,Appendable);;Argument[0];Argument[2];taint;manual"
Appendable out = null;
Object in = (Object)source();
Gson instance = null;
instance.toJson(in, (Type)null, out);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJson;(Object,Type,JsonWriter);;Argument[0];Argument[2];taint;manual"
JsonWriter out = null;
Object in = (Object)source();
Gson instance = null;
instance.toJson(in, (Type)null, out);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJsonTree;(Object);;Argument[0];ReturnValue;taint;manual"
JsonElement out = null;
Object in = (Object)source();
Gson instance = null;
out = instance.toJsonTree(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;Gson;false;toJsonTree;(Object,Type);;Argument[0];ReturnValue;taint;manual"
JsonElement out = null;
Object in = (Object)source();
Gson instance = null;
out = instance.toJsonTree(in, null);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
Boolean in = (Boolean)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
Character in = (Character)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
JsonElement in = (JsonElement)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
Number in = (Number)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
String in = (String)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual"
List out = null;
JsonArray in = (JsonArray)newWithElementDefault((String) source());
out = in.asList();
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual"
JsonElement out = null;
JsonArray in = (JsonArray)newWithElementDefault((String) source());
out = in.get(0);
sink(out); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;set;;;Argument[1];Argument[this].Element;value;manual"
JsonArray out = null;
JsonElement in = (JsonElement)source();
out.set(0, in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual"
byte out = 0;
JsonArray in = (JsonArray)source();
out = in.getAsByte();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual"
byte out = 0;
JsonElement in = (JsonElement)source();
out = in.getAsByte();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsByte;();;Argument[this];ReturnValue;taint;manual"
byte out = 0;
JsonPrimitive in = (JsonPrimitive)source();
out = in.getAsByte();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual"
char out = 'a';
JsonArray in = (JsonArray)source();
out = in.getAsCharacter();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual"
char out = 'a';
JsonElement in = (JsonElement)source();
out = in.getAsCharacter();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsCharacter;();;Argument[this];ReturnValue;taint;manual"
char out = 'a';
JsonPrimitive in = (JsonPrimitive)source();
out = in.getAsCharacter();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsJsonArray;();;Argument[this];ReturnValue;taint;manual"
JsonArray out = null;
JsonElement in = (JsonElement)source();
out = in.getAsJsonArray();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsJsonObject;();;Argument[this];ReturnValue;taint;manual"
JsonObject out = null;
JsonElement in = (JsonElement)source();
out = in.getAsJsonObject();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsJsonPrimitive;();;Argument[this];ReturnValue;taint;manual"
JsonPrimitive out = null;
JsonElement in = (JsonElement)source();
out = in.getAsJsonPrimitive();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonArray in = (JsonArray)source();
out = in.getAsString();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonElement in = (JsonElement)source();
out = in.getAsString();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;getAsString;();;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonPrimitive in = (JsonPrimitive)source();
out = in.getAsString();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonElement;true;toString;();;Argument[this];ReturnValue;taint;manual"
String out = null;
JsonElement in = (JsonElement)source();
out = in.toString();
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonObject;true;add;;;Argument[0];Argument[this].MapKey;value;manual"
JsonObject out = null;
String in = (String)source();
out.add(in, null);
sink(getMapKeyDefault(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;add;;;Argument[1];Argument[this].MapValue;value;manual"
JsonObject out = null;
JsonElement in = (JsonElement)source();
out.add(null, in);
sink(getMapValueDefault(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;addProperty;(String,String);;Argument[0];Argument[this].MapKey;value;manual"
JsonObject out = null;
String in = (String)source();
out.addProperty(in, (String)null);
sink(getMapKeyDefault(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;addProperty;(String,String);;Argument[1];Argument[this].MapValue;value;manual"
JsonObject out = null;
String in = (String)source();
out.addProperty((String)null, in);
sink(getMapValueDefault(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;asMap;;;Argument[this].MapKey;ReturnValue.MapKey;value;manual"
Map out = null;
JsonObject in = (JsonObject)newWithMapKeyDefault((String) source());
out = in.asMap();
sink(getMapKey(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;asMap;;;Argument[this].MapValue;ReturnValue.MapValue;value;manual"
Map out = null;
JsonObject in = (JsonObject)newWithMapValueDefault((JsonElement) source());
out = in.asMap();
sink(getMapValue(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;entrySet;;;Argument[this].MapKey;ReturnValue.Element.MapKey;value;manual"
Set<Map.Entry<String,JsonElement>> out = null;
JsonObject in = (JsonObject)newWithMapKeyDefault((String) source());
out = in.entrySet();
sink(getMapKeyDefault(getElement(out))); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;entrySet;;;Argument[this].MapKey;ReturnValue.Element.MapValue;value;manual"
Set<Map.Entry<String,JsonElement>> out = null;
JsonObject in = (JsonObject) newWithMapKeyDefault((String) source());
out = in.entrySet();
sink(getMapValueDefault(getElement(out))); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;get;;;Argument[this].MapValue;ReturnValue;value;manual"
JsonElement out = null;
JsonObject in = (JsonObject)newWithMapValueDefault((JsonElement) source());
out = in.get(null);
sink(out); // $ hasValueFlow
}
{
// "com.google.gson;JsonObject;true;keySet;;;Argument[this].MapKey;ReturnValue.Element;value;manual"
Set out = null;
JsonObject in = (JsonObject)newWithMapKeyDefault((String) source());
out = in.keySet();
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonPrimitive;true;JsonPrimitive;(Character);;Argument[0];Argument[this];taint;manual"
JsonPrimitive out = null;
Character in = (Character)source();
out = new JsonPrimitive(in);
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonPrimitive;true;JsonPrimitive;(String);;Argument[0];Argument[this];taint;manual"
JsonPrimitive out = null;
String in = (String)source();
out = new JsonPrimitive(in);
sink(out); // $ hasTaintFlow
}
}
}

1
java/ql/test/library-tests/frameworks/gson/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/gson-2.8.6

0
java/ql/test/library-tests/frameworks/gson/test.expected Normal file
View File

2
java/ql/test/library-tests/frameworks/gson/test.ql Normal file
View File

@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest

2
java/ql/test/library-tests/frameworks/guava/generated/collect/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newWithElementDefault", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"]

2
java/ql/test/library-tests/frameworks/jdk/java.io/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getThrowable_messageDefault", "(Object)", "", "Argument[0].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]

2
java/ql/test/library-tests/frameworks/netty/generated/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "newWithMapValueDefault", "(Object)", "", "Argument[0]", "ReturnValue.MapValue", "value", "manual"]

4
java/ql/test/library-tests/frameworks/okhttp/test.ql
View File

@@ -5,7 +5,9 @@ import TestUtilities.InlineFlowTest
module OkHttpFlowConfig implements DataFlow::ConfigSig {
predicate isSource = DefaultFlowConfig::isSource/1;
predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) or sinkNode(n, "open-url") }
predicate isSink(DataFlow::Node n) {
DefaultFlowConfig::isSink(n) or sinkNode(n, "request-forgery")
}
}
module OkHttpFlow = DataFlow::Global<OkHttpFlowConfig>;

194
java/ql/test/library-tests/frameworks/play/mad/Test.java Normal file
View File

@@ -0,0 +1,194 @@
package generatedtest;
import akka.util.ByteString;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.File;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import org.w3c.dom.Document;
import play.mvc.Http;
// Test case generated by GenerateFlowTestCase.ql
public class Test {
Object source() {
return null;
}
void sink(Object o) {}
public void test() throws Exception {
{
// "play.mvc;Http$Cookie;true;name;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.Cookie in = (Http.Cookie) source();
out = in.name();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$Cookie;true;value;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.Cookie in = (Http.Cookie) source();
out = in.value();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$Cookies;true;get;;;Argument[this];ReturnValue;taint;manual"
Http.Cookie out = null;
Http.Cookies in = (Http.Cookies) source();
out = in.get(null);
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$Cookies;true;getCookie;;;Argument[this];ReturnValue;taint;manual"
Optional out = null;
Http.Cookies in = (Http.Cookies) source();
out = in.getCookie(null);
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData$FilePart;true;getContentType;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
out = in.getContentType();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData$FilePart;true;getDispositionType;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
out = in.getDispositionType();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData$FilePart;true;getFilename;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
out = in.getFilename();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData$FilePart;true;getKey;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
out = in.getKey();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData$FilePart;true;getRef;;;Argument[this];ReturnValue;taint;manual"
Object out = null;
Http.MultipartFormData.FilePart in = (Http.MultipartFormData.FilePart) source();
out = in.getRef();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual"
Map out = null;
Http.MultipartFormData in = (Http.MultipartFormData) source();
out = in.asFormUrlEncoded();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData;true;getFile;;;Argument[this];ReturnValue;taint;manual"
Http.MultipartFormData.FilePart out = null;
Http.MultipartFormData in = (Http.MultipartFormData) source();
out = in.getFile(null);
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$MultipartFormData;true;getFiles;;;Argument[this];ReturnValue;taint;manual"
List out = null;
Http.MultipartFormData in = (Http.MultipartFormData) source();
out = in.getFiles();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
ByteString out = null;
Http.RawBuffer in = (Http.RawBuffer) source();
out = in.asBytes();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RawBuffer;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
ByteString out = null;
Http.RawBuffer in = (Http.RawBuffer) source();
out = in.asBytes(0);
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RawBuffer;true;asFile;;;Argument[this];ReturnValue;taint;manual"
File out = null;
Http.RawBuffer in = (Http.RawBuffer) source();
out = in.asFile();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;as;;;Argument[this];ReturnValue;taint;manual"
Object out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.as(null);
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asBytes;;;Argument[this];ReturnValue;taint;manual"
ByteString out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asBytes();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asFormUrlEncoded;;;Argument[this];ReturnValue;taint;manual"
Map out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asFormUrlEncoded();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asJson;;;Argument[this];ReturnValue;taint;manual"
JsonNode out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asJson();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asMultipartFormData;;;Argument[this];ReturnValue;taint;manual"
Http.MultipartFormData out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asMultipartFormData();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asRaw;;;Argument[this];ReturnValue;taint;manual"
Http.RawBuffer out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asRaw();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asText;;;Argument[this];ReturnValue;taint;manual"
String out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asText();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;asXml;;;Argument[this];ReturnValue;taint;manual"
Document out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.asXml();
sink(out); // $ hasTaintFlow
}
{
// "play.mvc;Http$RequestBody;true;parseJson;;;Argument[this];ReturnValue;taint;manual"
Optional out = null;
Http.RequestBody in = (Http.RequestBody) source();
out = in.parseJson(null);
sink(out); // $ hasTaintFlow
}
}
}

0
java/ql/test/library-tests/frameworks/play/test.expected Normal file
View File

2
java/ql/test/library-tests/frameworks/play/test.ql Normal file
View File

@@ -0,0 +1,2 @@
import java
import TestUtilities.InlineFlowTest

4
java/ql/test/library-tests/frameworks/retrofit/test.ql
View File

@@ -5,7 +5,9 @@ import TestUtilities.InlineFlowTest
module FlowConfig implements DataFlow::ConfigSig {
predicate isSource = DefaultFlowConfig::isSource/1;
predicate isSink(DataFlow::Node n) { DefaultFlowConfig::isSink(n) or sinkNode(n, "open-url") }
predicate isSink(DataFlow::Node n) {
DefaultFlowConfig::isSink(n) or sinkNode(n, "request-forgery")
}
}
module Flow = DataFlow::Global<FlowConfig>;

2
java/ql/test/library-tests/frameworks/stream/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getElementSpliterator", "(Spliterator)", "", "Argument[0].Element", "ReturnValue", "value", "manual"]

0
java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.expected Normal file
View File

40
java/ql/test/library-tests/neutrals/neutralsinks/NeutralSinksTest.ql Normal file
View File

@@ -0,0 +1,40 @@
import java
import TestUtilities.InlineExpectationsTest
import semmle.code.java.dataflow.DataFlow
import semmle.code.java.dataflow.ExternalFlow
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
class SinkTest extends InlineExpectationsTest {
SinkTest() { this = "SinkTest" }
override string getARelevantTag() { result = "isSink" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "isSink" and
exists(DataFlow::Node sink |
sinkNode(sink, _) and
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}
class NeutralSinkTest extends InlineExpectationsTest {
NeutralSinkTest() { this = "NeutralSinkTest" }
override string getARelevantTag() { result = "isNeutralSink" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "isNeutralSink" and
exists(Call call, Callable callable |
call.getCallee() = callable and
neutralModel(callable.getDeclaringType().getCompilationUnit().getPackage().getName(),
callable.getDeclaringType().getSourceDeclaration().nestedName(), callable.getName(),
[paramsString(callable), ""], "sink", _) and
call.getLocation() = location and
element = call.toString() and
value = ""
)
}
}

61
java/ql/test/library-tests/neutrals/neutralsinks/Test.java Normal file
View File

@@ -0,0 +1,61 @@
import java.io.File;
import java.nio.file.Files;
import java.nio.file.spi.FileSystemProvider;
import java.nio.file.LinkOption;
import java.text.Collator;
import java.text.RuleBasedCollator;
import java.util.prefs.AbstractPreferences;
import java.util.prefs.Preferences;
import org.apache.hc.client5.http.protocol.RedirectLocations;
public class Test {
public void test() throws Exception {
// java.io
File file = null;
file.exists(); // $ isNeutralSink
file.compareTo(null); // $ isNeutralSink
// java.nio.file
Files.exists(null, (LinkOption[])null); // $ isNeutralSink
Files.getLastModifiedTime(null, (LinkOption[])null); // $ isNeutralSink
Files.getOwner(null, (LinkOption[])null); // $ isNeutralSink
Files.getPosixFilePermissions(null, (LinkOption[])null); // $ isNeutralSink
Files.isDirectory(null, (LinkOption[])null); // $ isNeutralSink
Files.isExecutable(null); // $ isNeutralSink
Files.isHidden(null); // $ isNeutralSink
Files.isReadable(null); // $ isNeutralSink
Files.isRegularFile(null, (LinkOption[])null); // $ isNeutralSink
Files.isSameFile(null, null); // $ isNeutralSink
Files.isSymbolicLink(null); // $ isNeutralSink
Files.isWritable(null); // $ isNeutralSink
Files.notExists(null, (LinkOption[])null); // $ isNeutralSink
Files.setLastModifiedTime(null, null); // $ isNeutralSink
Files.size(null); // $ isNeutralSink
// java.nio.file.spi
FileSystemProvider fsp = null;
fsp.isHidden(null); // $ isNeutralSink
fsp.isSameFile(null, null); // $ isNeutralSink
// java.text
Collator c = null;
c.compare(null, null); // $ isNeutralSink
c.equals(null); // $ isNeutralSink
c.equals(null, null); // $ isNeutralSink
RuleBasedCollator rbc = null;
rbc.compare(null, null); // $ isNeutralSink
// java.util.prefs
AbstractPreferences ap = null;
ap.nodeExists(null); // $ isNeutralSink
Preferences p = null;
p.nodeExists(null); // $ isNeutralSink
// org.apache.hc.client5.http.protocol
RedirectLocations rl = null;
rl.contains(null); // $ isNeutralSink
}
}

1
java/ql/test/library-tests/neutrals/neutralsinks/options Normal file
View File

@@ -0,0 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/apache-http-5

2
java/ql/test/library-tests/optional/test.ext.yml
View File

@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-tests
pack: codeql/java-all
extensible: summaryModel
data:
- ["generatedtest", "Test", False, "getStreamElement", "", "", "Argument[0].Element", "ReturnValue", "value", "manual"]

12
java/ql/test/query-tests/security/CWE-918/mad/Test.java
View File

@@ -9,6 +9,8 @@ import javafx.scene.web.WebEngine;
import org.apache.commons.jelly.JellyContext;
import org.codehaus.cargo.container.installer.ZipURLInstaller;
import org.kohsuke.stapler.HttpResponses;
import play.libs.ws.WSClient;
import play.libs.ws.StandaloneWSClient;
public class Test {
@@ -74,4 +76,14 @@ public class Test {
r.staticResource((URL) source()); // $ SSRF
}
public void test(WSClient c) {
// "play.libs.ws;WSClient;true;url;;;Argument[0];open-url;manual"
c.url((String) source()); // $ SSRF
}
public void test(StandaloneWSClient c) {
// "play.libs.ws;StandaloneWSClient;true;url;;;Argument[0];open-url;manual"
c.url((String) source()); // $ SSRF
}
}

2
java/ql/test/query-tests/security/CWE-918/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x

111
java/ql/test/stubs/apache-http-5/org/apache/hc/client5/http/protocol/RedirectLocations.java generated Normal file
View File

@@ -0,0 +1,111 @@
/*
* ====================================================================
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
* ====================================================================
*
* This software consists of voluntary contributions made by many
* individuals on behalf of the Apache Software Foundation. For more
* information on the Apache Software Foundation, please see
* <http://www.apache.org/>.
*
*/
package org.apache.hc.client5.http.protocol;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
/**
* This class represents a collection of {@link java.net.URI}s used
* as redirect locations.
*
* @since 4.0
*/
public final class RedirectLocations {
private final Set<URI> unique;
private final List<URI> all;
public RedirectLocations() {
super();
this.unique = new HashSet<>();
this.all = new ArrayList<>();
}
/**
* Test if the URI is present in the collection.
*/
public boolean contains(final URI uri) {
return this.unique.contains(uri);
}
/**
* Adds a new URI to the collection.
*/
public void add(final URI uri) {
this.unique.add(uri);
this.all.add(uri);
}
/**
* Returns all redirect {@link URI}s in the order they were added to the collection.
*
* @return list of all URIs
*
* @since 4.1
*/
public List<URI> getAll() {
return new ArrayList<>(this.all);
}
/**
* Returns the URI at the specified position in this list.
*
* @param index
* index of the location to return
* @return the URI at the specified position in this list
* @throws IndexOutOfBoundsException
* if the index is out of range (
* {@code index &lt; 0 || index &gt;= size()})
* @since 4.3
*/
public URI get(final int index) {
return this.all.get(index);
}
/**
* Returns the number of elements in this list. If this list contains more
* than {@code Integer.MAX_VALUE} elements, returns
* {@code Integer.MAX_VALUE}.
*
* @return the number of elements in this list
* @since 4.3
*/
public int size() {
return this.all.size();
}
public void clear() {
unique.clear();
all.clear();
}
}

11
java/ql/test/stubs/gson-2.8.6/com/google/gson/ExclusionStrategy.java generated Normal file
View File

@@ -0,0 +1,11 @@
// Generated automatically from com.google.gson.ExclusionStrategy for testing purposes
package com.google.gson;
import com.google.gson.FieldAttributes;
public interface ExclusionStrategy
{
boolean shouldSkipClass(Class<? extends Object> p0);
boolean shouldSkipField(FieldAttributes p0);
}

22
java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldAttributes.java generated Normal file
View File

@@ -0,0 +1,22 @@
// Generated automatically from com.google.gson.FieldAttributes for testing purposes
package com.google.gson;
import java.lang.annotation.Annotation;
import java.lang.reflect.Field;
import java.lang.reflect.Type;
import java.util.Collection;
public class FieldAttributes
{
protected FieldAttributes() {}
public <T extends Annotation> T getAnnotation(java.lang.Class<T> p0){ return null; }
public Class<? extends Object> getDeclaredClass(){ return null; }
public Class<? extends Object> getDeclaringClass(){ return null; }
public Collection<Annotation> getAnnotations(){ return null; }
public FieldAttributes(Field p0){}
public String getName(){ return null; }
public String toString(){ return null; }
public Type getDeclaredType(){ return null; }
public boolean hasModifier(int p0){ return false; }
}

10
java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingPolicy.java generated Normal file
View File

@@ -0,0 +1,10 @@
// Generated automatically from com.google.gson.FieldNamingPolicy for testing purposes
package com.google.gson;
public enum FieldNamingPolicy {
IDENTITY, LOWER_CASE_WITH_DASHES, LOWER_CASE_WITH_DOTS, LOWER_CASE_WITH_UNDERSCORES, UPPER_CAMEL_CASE, UPPER_CAMEL_CASE_WITH_SPACES, UPPER_CASE_WITH_UNDERSCORES;
private FieldNamingPolicy() {}
}

10
java/ql/test/stubs/gson-2.8.6/com/google/gson/FieldNamingStrategy.java generated Normal file
View File

@@ -0,0 +1,10 @@
// Generated automatically from com.google.gson.FieldNamingStrategy for testing purposes
package com.google.gson;
import java.lang.reflect.Field;
public interface FieldNamingStrategy
{
String translateName(Field p0);
}

81
java/ql/test/stubs/gson-2.8.6/com/google/gson/Gson.java generated
View File

@@ -1,38 +1,53 @@
// Generated automatically from com.google.gson.Gson for testing purposes
package com.google.gson;
import java.lang.reflect.Type;
import java.io.Reader;
import com.google.gson.FieldNamingStrategy;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.TypeAdapter;
import com.google.gson.TypeAdapterFactory;
import com.google.gson.internal.Excluder;
import com.google.gson.reflect.TypeToken;
import com.google.gson.stream.JsonReader;
import com.google.gson.stream.JsonWriter;
import java.io.Reader;
import java.io.Writer;
import java.lang.reflect.Type;
public final class Gson {
public Gson() {
}
public String toJson(Object src) {
return null;
}
public String toJson(Object src, Type typeOfSrc) {
return null;
}
public <T> T fromJson(String json, Class<T> classOfT) throws JsonSyntaxException {
return null;
}
public <T> T fromJson(String json, Type typeOfT) throws JsonSyntaxException {
return null;
}
public <T> T fromJson(Reader json, Class<T> classOfT) throws JsonSyntaxException, JsonIOException {
return null;
}
public <T> T fromJson(Reader json, Type typeOfT) throws JsonIOException, JsonSyntaxException {
return null;
}
public <T> T fromJson(JsonReader reader, Type typeOfT) throws JsonIOException, JsonSyntaxException {
return null;
}
public class Gson
{
public <T> T fromJson(JsonElement p0, Type p1){ return null; }
public <T> T fromJson(JsonElement p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public <T> T fromJson(JsonElement p0, java.lang.Class<T> p1){ return null; }
public <T> T fromJson(JsonReader p0, Type p1){ return null; }
public <T> T fromJson(JsonReader p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public <T> T fromJson(Reader p0, Type p1){ return null; }
public <T> T fromJson(Reader p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public <T> T fromJson(Reader p0, java.lang.Class<T> p1){ return null; }
public <T> T fromJson(String p0, Type p1){ return null; }
public <T> T fromJson(String p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public <T> T fromJson(String p0, java.lang.Class<T> p1){ return null; }
public <T> com.google.gson.TypeAdapter<T> getAdapter(com.google.gson.reflect.TypeToken<T> p0){ return null; }
public <T> com.google.gson.TypeAdapter<T> getAdapter(java.lang.Class<T> p0){ return null; }
public <T> com.google.gson.TypeAdapter<T> getDelegateAdapter(TypeAdapterFactory p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public Excluder excluder(){ return null; }
public FieldNamingStrategy fieldNamingStrategy(){ return null; }
public Gson(){}
public GsonBuilder newBuilder(){ return null; }
public JsonElement toJsonTree(Object p0){ return null; }
public JsonElement toJsonTree(Object p0, Type p1){ return null; }
public JsonReader newJsonReader(Reader p0){ return null; }
public JsonWriter newJsonWriter(Writer p0){ return null; }
public String toJson(JsonElement p0){ return null; }
public String toJson(Object p0){ return null; }
public String toJson(Object p0, Type p1){ return null; }
public String toString(){ return null; }
public boolean htmlSafe(){ return false; }
public boolean serializeNulls(){ return false; }
public void toJson(JsonElement p0, Appendable p1){}
public void toJson(JsonElement p0, JsonWriter p1){}
public void toJson(Object p0, Appendable p1){}
public void toJson(Object p0, Type p1, Appendable p2){}
public void toJson(Object p0, Type p1, JsonWriter p2){}
}

135
java/ql/test/stubs/gson-2.8.6/com/google/gson/GsonBuilder.java generated
View File

@@ -1,99 +1,46 @@
/*
* Copyright (C) 2008 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Generated automatically from com.google.gson.GsonBuilder for testing purposes
package com.google.gson;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldNamingPolicy;
import com.google.gson.FieldNamingStrategy;
import com.google.gson.Gson;
import com.google.gson.LongSerializationPolicy;
import com.google.gson.ReflectionAccessFilter;
import com.google.gson.ToNumberStrategy;
import com.google.gson.TypeAdapterFactory;
import java.lang.reflect.Type;
public final class GsonBuilder {
/**
* Creates a GsonBuilder instance that can be used to build Gson with various configuration
* settings. GsonBuilder follows the builder pattern, and it is typically used by first
* invoking various configuration methods to set desired options, and finally calling
* {@link #create()}.
*/
public GsonBuilder() {
}
/**
* Constructs a GsonBuilder instance from a Gson instance. The newly constructed GsonBuilder
* has the same configuration as the previously built Gson instance.
*
* @param gson the gson instance whose configuration should by applied to a new GsonBuilder.
*/
GsonBuilder(Gson gson) {
}
/**
* Configures Gson for custom serialization or deserialization. This method combines the
* registration of an {@link TypeAdapter}, {@link InstanceCreator}, {@link JsonSerializer}, and a
* {@link JsonDeserializer}. It is best used when a single object {@code typeAdapter} implements
* all the required interfaces for custom serialization with Gson. If a type adapter was
* previously registered for the specified {@code type}, it is overwritten.
*
* <p>This registers the type specified and no other types: you must manually register related
* types! For example, applications registering {@code boolean.class} should also register {@code
* Boolean.class}.
*
* @param type the type definition for the type adapter being registered
* @param typeAdapter This object must implement at least one of the {@link TypeAdapter},
* {@link InstanceCreator}, {@link JsonSerializer}, and a {@link JsonDeserializer} interfaces.
* @return a reference to this {@code GsonBuilder} object to fulfill the "Builder" pattern
*/
public GsonBuilder registerTypeAdapter(Type type, Object typeAdapter) {
return null;
}
/**
* Register a factory for type adapters. Registering a factory is useful when the type
* adapter needs to be configured based on the type of the field being processed. Gson
* is designed to handle a large number of factories, so you should consider registering
* them to be at par with registering an individual type adapter.
*
* @since 2.1
*/
public GsonBuilder registerTypeAdapterFactory(TypeAdapterFactory factory) {
return null;
}
/**
* Configures Gson for custom serialization or deserialization for an inheritance type hierarchy.
* This method combines the registration of a {@link TypeAdapter}, {@link JsonSerializer} and
* a {@link JsonDeserializer}. If a type adapter was previously registered for the specified
* type hierarchy, it is overridden. If a type adapter is registered for a specific type in
* the type hierarchy, it will be invoked instead of the one registered for the type hierarchy.
*
* @param baseType the class definition for the type adapter being registered for the base class
* or interface
* @param typeAdapter This object must implement at least one of {@link TypeAdapter},
* {@link JsonSerializer} or {@link JsonDeserializer} interfaces.
* @return a reference to this {@code GsonBuilder} object to fulfill the "Builder" pattern
* @since 1.7
*/
public GsonBuilder registerTypeHierarchyAdapter(Class<?> baseType, Object typeAdapter) {
return null;
}
/**
* Creates a {@link Gson} instance based on the current configuration. This method is free of
* side-effects to this {@code GsonBuilder} instance and hence can be called multiple times.
*
* @return an instance of Gson configured with the options currently set in this builder
*/
public Gson create() {
return null;
}
}
public class GsonBuilder
{
public Gson create(){ return null; }
public GsonBuilder addDeserializationExclusionStrategy(ExclusionStrategy p0){ return null; }
public GsonBuilder addReflectionAccessFilter(ReflectionAccessFilter p0){ return null; }
public GsonBuilder addSerializationExclusionStrategy(ExclusionStrategy p0){ return null; }
public GsonBuilder disableHtmlEscaping(){ return null; }
public GsonBuilder disableInnerClassSerialization(){ return null; }
public GsonBuilder disableJdkUnsafe(){ return null; }
public GsonBuilder enableComplexMapKeySerialization(){ return null; }
public GsonBuilder excludeFieldsWithModifiers(int... p0){ return null; }
public GsonBuilder excludeFieldsWithoutExposeAnnotation(){ return null; }
public GsonBuilder generateNonExecutableJson(){ return null; }
public GsonBuilder registerTypeAdapter(Type p0, Object p1){ return null; }
public GsonBuilder registerTypeAdapterFactory(TypeAdapterFactory p0){ return null; }
public GsonBuilder registerTypeHierarchyAdapter(Class<? extends Object> p0, Object p1){ return null; }
public GsonBuilder serializeNulls(){ return null; }
public GsonBuilder serializeSpecialFloatingPointValues(){ return null; }
public GsonBuilder setDateFormat(String p0){ return null; }
public GsonBuilder setDateFormat(int p0){ return null; }
public GsonBuilder setDateFormat(int p0, int p1){ return null; }
public GsonBuilder setExclusionStrategies(ExclusionStrategy... p0){ return null; }
public GsonBuilder setFieldNamingPolicy(FieldNamingPolicy p0){ return null; }
public GsonBuilder setFieldNamingStrategy(FieldNamingStrategy p0){ return null; }
public GsonBuilder setLenient(){ return null; }
public GsonBuilder setLongSerializationPolicy(LongSerializationPolicy p0){ return null; }
public GsonBuilder setNumberToNumberStrategy(ToNumberStrategy p0){ return null; }
public GsonBuilder setObjectToNumberStrategy(ToNumberStrategy p0){ return null; }
public GsonBuilder setPrettyPrinting(){ return null; }
public GsonBuilder setVersion(double p0){ return null; }
public GsonBuilder(){}
}

45
java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonArray.java generated Normal file
View File

@@ -0,0 +1,45 @@
// Generated automatically from com.google.gson.JsonArray for testing purposes
package com.google.gson;
import com.google.gson.JsonElement;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.util.Iterator;
import java.util.List;
public class JsonArray extends JsonElement implements Iterable<JsonElement>
{
public BigDecimal getAsBigDecimal(){ return null; }
public BigInteger getAsBigInteger(){ return null; }
public Iterator<JsonElement> iterator(){ return null; }
public JsonArray deepCopy(){ return null; }
public JsonArray(){}
public JsonArray(int p0){}
public JsonElement get(int p0){ return null; }
public JsonElement remove(int p0){ return null; }
public JsonElement set(int p0, JsonElement p1){ return null; }
public List<JsonElement> asList(){ return null; }
public Number getAsNumber(){ return null; }
public String getAsString(){ return null; }
public boolean contains(JsonElement p0){ return false; }
public boolean equals(Object p0){ return false; }
public boolean getAsBoolean(){ return false; }
public boolean isEmpty(){ return false; }
public boolean remove(JsonElement p0){ return false; }
public byte getAsByte(){ return 0; }
public char getAsCharacter(){ return '0'; }
public double getAsDouble(){ return 0; }
public float getAsFloat(){ return 0; }
public int getAsInt(){ return 0; }
public int hashCode(){ return 0; }
public int size(){ return 0; }
public long getAsLong(){ return 0; }
public short getAsShort(){ return 0; }
public void add(Boolean p0){}
public void add(Character p0){}
public void add(JsonElement p0){}
public void add(Number p0){}
public void add(String p0){}
public void addAll(JsonArray p0){}
}

37
java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonElement.java generated Normal file
View File

@@ -0,0 +1,37 @@
// Generated automatically from com.google.gson.JsonElement for testing purposes
package com.google.gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonNull;
import com.google.gson.JsonObject;
import com.google.gson.JsonPrimitive;
import java.math.BigDecimal;
import java.math.BigInteger;
abstract public class JsonElement
{
public BigDecimal getAsBigDecimal(){ return null; }
public BigInteger getAsBigInteger(){ return null; }
public JsonArray getAsJsonArray(){ return null; }
public JsonElement(){}
public JsonNull getAsJsonNull(){ return null; }
public JsonObject getAsJsonObject(){ return null; }
public JsonPrimitive getAsJsonPrimitive(){ return null; }
public Number getAsNumber(){ return null; }
public String getAsString(){ return null; }
public String toString(){ return null; }
public abstract JsonElement deepCopy();
public boolean getAsBoolean(){ return false; }
public boolean isJsonArray(){ return false; }
public boolean isJsonNull(){ return false; }
public boolean isJsonObject(){ return false; }
public boolean isJsonPrimitive(){ return false; }
public byte getAsByte(){ return 0; }
public char getAsCharacter(){ return '0'; }
public double getAsDouble(){ return 0; }
public float getAsFloat(){ return 0; }
public int getAsInt(){ return 0; }
public long getAsLong(){ return 0; }
public short getAsShort(){ return 0; }
}

14
java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonNull.java generated Normal file
View File

@@ -0,0 +1,14 @@
// Generated automatically from com.google.gson.JsonNull for testing purposes
package com.google.gson;
import com.google.gson.JsonElement;
public class JsonNull extends JsonElement
{
public JsonNull deepCopy(){ return null; }
public JsonNull(){}
public boolean equals(Object p0){ return false; }
public int hashCode(){ return 0; }
public static JsonNull INSTANCE = null;
}

33
java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonObject.java generated Normal file
View File

@@ -0,0 +1,33 @@
// Generated automatically from com.google.gson.JsonObject for testing purposes
package com.google.gson;
import com.google.gson.JsonArray;
import com.google.gson.JsonElement;
import com.google.gson.JsonPrimitive;
import java.util.Map;
import java.util.Set;
public class JsonObject extends JsonElement
{
public JsonArray getAsJsonArray(String p0){ return null; }
public JsonElement get(String p0){ return null; }
public JsonElement remove(String p0){ return null; }
public JsonObject deepCopy(){ return null; }
public JsonObject getAsJsonObject(String p0){ return null; }
public JsonObject(){}
public JsonPrimitive getAsJsonPrimitive(String p0){ return null; }
public Map<String, JsonElement> asMap(){ return null; }
public Set<Map.Entry<String, JsonElement>> entrySet(){ return null; }
public Set<String> keySet(){ return null; }
public boolean equals(Object p0){ return false; }
public boolean has(String p0){ return false; }
public boolean isEmpty(){ return false; }
public int hashCode(){ return 0; }
public int size(){ return 0; }
public void add(String p0, JsonElement p1){}
public void addProperty(String p0, Boolean p1){}
public void addProperty(String p0, Character p1){}
public void addProperty(String p0, Number p1){}
public void addProperty(String p0, String p1){}
}

34
java/ql/test/stubs/gson-2.8.6/com/google/gson/JsonPrimitive.java generated Normal file
View File

@@ -0,0 +1,34 @@
// Generated automatically from com.google.gson.JsonPrimitive for testing purposes
package com.google.gson;
import com.google.gson.JsonElement;
import java.math.BigDecimal;
import java.math.BigInteger;
public class JsonPrimitive extends JsonElement
{
protected JsonPrimitive() {}
public BigDecimal getAsBigDecimal(){ return null; }
public BigInteger getAsBigInteger(){ return null; }
public JsonPrimitive deepCopy(){ return null; }
public JsonPrimitive(Boolean p0){}
public JsonPrimitive(Character p0){}
public JsonPrimitive(Number p0){}
public JsonPrimitive(String p0){}
public Number getAsNumber(){ return null; }
public String getAsString(){ return null; }
public boolean equals(Object p0){ return false; }
public boolean getAsBoolean(){ return false; }
public boolean isBoolean(){ return false; }
public boolean isNumber(){ return false; }
public boolean isString(){ return false; }
public byte getAsByte(){ return 0; }
public char getAsCharacter(){ return '0'; }
public double getAsDouble(){ return 0; }
public float getAsFloat(){ return 0; }
public int getAsInt(){ return 0; }
public int hashCode(){ return 0; }
public long getAsLong(){ return 0; }
public short getAsShort(){ return 0; }
}

24
java/ql/test/stubs/gson-2.8.6/com/google/gson/LongSerializationPolicy.java generated Normal file
View File

@@ -0,0 +1,24 @@
// Generated automatically from com.google.gson.LongSerializationPolicy for testing purposes
package com.google.gson;
import com.google.gson.JsonElement;
public enum LongSerializationPolicy {
DEFAULT {
@Override
public JsonElement serialize(Long p0) {
return null;
}
},
STRING {
@Override
public JsonElement serialize(Long p0) {
return null;
}
};
private LongSerializationPolicy() {}
public abstract JsonElement serialize(Long p0);
}

18
java/ql/test/stubs/gson-2.8.6/com/google/gson/ReflectionAccessFilter.java generated Normal file
View File

@@ -0,0 +1,18 @@
// Generated automatically from com.google.gson.ReflectionAccessFilter for testing purposes
package com.google.gson;
public interface ReflectionAccessFilter
{
ReflectionAccessFilter.FilterResult check(Class<? extends Object> p0);
static ReflectionAccessFilter BLOCK_ALL_ANDROID = null;
static ReflectionAccessFilter BLOCK_ALL_JAVA = null;
static ReflectionAccessFilter BLOCK_ALL_PLATFORM = null;
static ReflectionAccessFilter BLOCK_INACCESSIBLE_JAVA = null;
static public enum FilterResult
{
ALLOW, BLOCK_ALL, BLOCK_INACCESSIBLE, INDECISIVE;
private FilterResult() {}
}
}

10
java/ql/test/stubs/gson-2.8.6/com/google/gson/ToNumberStrategy.java generated Normal file
View File

@@ -0,0 +1,10 @@
// Generated automatically from com.google.gson.ToNumberStrategy for testing purposes
package com.google.gson;
import com.google.gson.stream.JsonReader;
public interface ToNumberStrategy
{
Number readNumber(JsonReader p0);
}

137
java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapter.java generated
View File

@@ -1,130 +1,23 @@
/*
* Copyright (C) 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Generated automatically from com.google.gson.TypeAdapter for testing purposes
package com.google.gson;
import com.google.gson.JsonElement;
import com.google.gson.stream.JsonReader;
import java.io.IOException;
import com.google.gson.stream.JsonWriter;
import java.io.Reader;
import java.io.Writer;
public abstract class TypeAdapter<T> {
/**
* Converts {@code value} to a JSON document and writes it to {@code out}.
* Unlike Gson's similar {@link Gson#toJson(JsonElement, Appendable) toJson}
* method, this write is strict. Create a {@link
* JsonWriter#setLenient(boolean) lenient} {@code JsonWriter} and call
* {@link #write(com.google.gson.stream.JsonWriter, Object)} for lenient
* writing.
*
* @param value the Java object to convert. May be null.
* @since 2.2
*/
public final void toJson(Writer out, T value) throws IOException {
}
/**
* This wrapper method is used to make a type adapter null tolerant. In general, a
* type adapter is required to handle nulls in write and read methods. Here is how this
* is typically done:<br>
* <pre> {@code
*
* Gson gson = new GsonBuilder().registerTypeAdapter(Foo.class,
* new TypeAdapter<Foo>() {
* public Foo read(JsonReader in) throws IOException {
* if (in.peek() == JsonToken.NULL) {
* in.nextNull();
* return null;
* }
* // read a Foo from in and return it
* }
* public void write(JsonWriter out, Foo src) throws IOException {
* if (src == null) {
* out.nullValue();
* return;
* }
* // write src as JSON to out
* }
* }).create();
* }</pre>
* You can avoid this boilerplate handling of nulls by wrapping your type adapter with
* this method. Here is how we will rewrite the above example:
* <pre> {@code
*
* Gson gson = new GsonBuilder().registerTypeAdapter(Foo.class,
* new TypeAdapter<Foo>() {
* public Foo read(JsonReader in) throws IOException {
* // read a Foo from in and return it
* }
* public void write(JsonWriter out, Foo src) throws IOException {
* // write src as JSON to out
* }
* }.nullSafe()).create();
* }</pre>
* Note that we didn't need to check for nulls in our type adapter after we used nullSafe.
*/
public final TypeAdapter<T> nullSafe() {
return null;
}
/**
* Converts {@code value} to a JSON document. Unlike Gson's similar {@link
* Gson#toJson(Object) toJson} method, this write is strict. Create a {@link
* JsonWriter#setLenient(boolean) lenient} {@code JsonWriter} and call
* {@link #write(com.google.gson.stream.JsonWriter, Object)} for lenient
* writing.
*
* @param value the Java object to convert. May be null.
* @since 2.2
*/
public final String toJson(T value) {
return null;
}
/**
* Reads one JSON value (an array, object, string, number, boolean or null)
* and converts it to a Java object. Returns the converted object.
*
* @return the converted Java object. May be null.
*/
public abstract T read(JsonReader in) throws IOException;
/**
* Converts the JSON document in {@code in} to a Java object. Unlike Gson's
* similar {@link Gson#fromJson(java.io.Reader, Class) fromJson} method, this
* read is strict. Create a {@link JsonReader#setLenient(boolean) lenient}
* {@code JsonReader} and call {@link #read(JsonReader)} for lenient reading.
*
* @return the converted Java object. May be null.
* @since 2.2
*/
public final T fromJson(Reader in) throws IOException {
return null;
}
/**
* Converts the JSON document in {@code json} to a Java object. Unlike Gson's
* similar {@link Gson#fromJson(String, Class) fromJson} method, this read is
* strict. Create a {@link JsonReader#setLenient(boolean) lenient} {@code
* JsonReader} and call {@link #read(JsonReader)} for lenient reading.
*
* @return the converted Java object. May be null.
* @since 2.2
*/
public final T fromJson(String json) throws IOException {
return null;
}
abstract public class TypeAdapter<T>
{
public TypeAdapter(){}
public abstract T read(JsonReader p0);
public abstract void write(JsonWriter p0, T p1);
public final JsonElement toJsonTree(T p0){ return null; }
public final String toJson(T p0){ return null; }
public final T fromJson(Reader p0){ return null; }
public final T fromJson(String p0){ return null; }
public final T fromJsonTree(JsonElement p0){ return null; }
public final TypeAdapter<T> nullSafe(){ return null; }
public final void toJson(Writer p0, T p1){}
}

30
java/ql/test/stubs/gson-2.8.6/com/google/gson/TypeAdapterFactory.java generated
View File

@@ -1,28 +1,12 @@
/*
* Copyright (C) 2011 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Generated automatically from com.google.gson.TypeAdapterFactory for testing purposes
package com.google.gson;
import com.google.gson.Gson;
import com.google.gson.TypeAdapter;
import com.google.gson.reflect.TypeToken;
public interface TypeAdapterFactory {
/**
* Returns a type adapter for {@code type}, or null if this factory doesn't
* support {@code type}.
*/
<T> TypeAdapter<T> create(Gson gson, TypeToken<T> type);
}
public interface TypeAdapterFactory
{
<T> com.google.gson.TypeAdapter<T> create(Gson p0, com.google.gson.reflect.TypeToken<T> p1);
}

25
java/ql/test/stubs/gson-2.8.6/com/google/gson/internal/Excluder.java generated Normal file
View File

@@ -0,0 +1,25 @@
// Generated automatically from com.google.gson.internal.Excluder for testing purposes
package com.google.gson.internal;
import com.google.gson.ExclusionStrategy;
import com.google.gson.Gson;
import com.google.gson.TypeAdapter;
import com.google.gson.TypeAdapterFactory;
import com.google.gson.reflect.TypeToken;
import java.lang.reflect.Field;
public class Excluder implements Cloneable, TypeAdapterFactory
{
protected Excluder clone(){ return null; }
public <T> com.google.gson.TypeAdapter<T> create(Gson p0, com.google.gson.reflect.TypeToken<T> p1){ return null; }
public Excluder disableInnerClassSerialization(){ return null; }
public Excluder excludeFieldsWithoutExposeAnnotation(){ return null; }
public Excluder withExclusionStrategy(ExclusionStrategy p0, boolean p1, boolean p2){ return null; }
public Excluder withModifiers(int... p0){ return null; }
public Excluder withVersion(double p0){ return null; }
public Excluder(){}
public boolean excludeClass(Class<? extends Object> p0, boolean p1){ return false; }
public boolean excludeField(Field p0, boolean p1){ return false; }
public static Excluder DEFAULT = null;
}

64
java/ql/test/stubs/gson-2.8.6/com/google/gson/reflect/TypeToken.java generated
View File

@@ -1,50 +1,22 @@
/*
* Copyright (C) 2008 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// Generated automatically from com.google.gson.reflect.TypeToken for testing purposes
package com.google.gson.reflect;
/**
* Represents a generic type {@code T}. Java doesn't yet provide a way to
* represent generic types, so this class does. Forces clients to create a
* subclass of this class which enables retrieval the type information even at
* runtime.
*
* <p>For example, to create a type literal for {@code List<String>}, you can
* create an empty anonymous inner class:
*
* <p>
* {@code TypeToken<List<String>> list = new TypeToken<List<String>>() {};}
*
* <p>This syntax cannot be used to create type literals that have wildcard
* parameters, such as {@code Class<?>} or {@code List<? extends CharSequence>}.
*
* @author Bob Lee
* @author Sven Mawson
* @author Jesse Wilson
*/
public class TypeToken<T> {
import java.lang.reflect.Type;
/**
* Constructs a new type literal. Derives represented class from type
* parameter.
*
* <p>Clients create an empty anonymous subclass. Doing so embeds the type
* parameter in the anonymous class's type hierarchy so we can reconstitute it
* at runtime despite erasure.
*/
protected TypeToken() {
}
}
public class TypeToken<T>
{
protected TypeToken(){}
public boolean isAssignableFrom(Class<? extends Object> p0){ return false; }
public boolean isAssignableFrom(Type p0){ return false; }
public boolean isAssignableFrom(TypeToken<? extends Object> p0){ return false; }
public final String toString(){ return null; }
public final Type getType(){ return null; }
public final boolean equals(Object p0){ return false; }
public final int hashCode(){ return 0; }
public final java.lang.Class<? super T> getRawType(){ return null; }
public static <T> com.google.gson.reflect.TypeToken<T> get(java.lang.Class<T> p0){ return null; }
public static TypeToken<? extends Object> get(Type p0){ return null; }
public static TypeToken<? extends Object> getArray(Type p0){ return null; }
public static TypeToken<? extends Object> getParameterized(Type p0, Type... p1){ return null; }
}

89
java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonReader.java generated
View File

@@ -1,66 +1,33 @@
// Generated automatically from com.google.gson.stream.JsonReader for testing purposes
package com.google.gson.stream;
import com.google.gson.stream.JsonToken;
import java.io.Closeable;
import java.io.IOException;
import java.io.Reader;
public class JsonReader implements Closeable {
public JsonReader(Reader in) {
}
public final void setLenient(boolean lenient) {
}
public final boolean isLenient() {
return false;
}
public void beginArray() throws IOException {
}
public void endArray() throws IOException {
}
public void beginObject() throws IOException {
}
public void endObject() throws IOException {
}
public boolean hasNext() throws IOException {
return false;
}
public String nextName() throws IOException {
return null;
}
public String nextString() throws IOException {
return null;
}
public boolean nextBoolean() throws IOException {
return false;
}
public void nextNull() throws IOException {
}
public double nextDouble() throws IOException {
return -1;
}
public long nextLong() throws IOException {
return -1;
}
public int nextInt() throws IOException {
return -1;
}
public void close() throws IOException {
}
public void skipValue() throws IOException {
}
}
public class JsonReader implements Closeable
{
protected JsonReader() {}
public JsonReader(Reader p0){}
public JsonToken peek(){ return null; }
public String getPath(){ return null; }
public String getPreviousPath(){ return null; }
public String nextName(){ return null; }
public String nextString(){ return null; }
public String toString(){ return null; }
public boolean hasNext(){ return false; }
public boolean nextBoolean(){ return false; }
public double nextDouble(){ return 0; }
public final boolean isLenient(){ return false; }
public final void setLenient(boolean p0){}
public int nextInt(){ return 0; }
public long nextLong(){ return 0; }
public void beginArray(){}
public void beginObject(){}
public void close(){}
public void endArray(){}
public void endObject(){}
public void nextNull(){}
public void skipValue(){}
}

10
java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonToken.java generated Normal file
View File

@@ -0,0 +1,10 @@
// Generated automatically from com.google.gson.stream.JsonToken for testing purposes
package com.google.gson.stream;
public enum JsonToken
{
BEGIN_ARRAY, BEGIN_OBJECT, BOOLEAN, END_ARRAY, END_DOCUMENT, END_OBJECT, NAME, NULL, NUMBER, STRING;
private JsonToken() {}
}

36
java/ql/test/stubs/gson-2.8.6/com/google/gson/stream/JsonWriter.java generated Normal file
View File

@@ -0,0 +1,36 @@
// Generated automatically from com.google.gson.stream.JsonWriter for testing purposes
package com.google.gson.stream;
import java.io.Closeable;
import java.io.Flushable;
import java.io.Writer;
public class JsonWriter implements Closeable, Flushable
{
protected JsonWriter() {}
public JsonWriter beginArray(){ return null; }
public JsonWriter beginObject(){ return null; }
public JsonWriter endArray(){ return null; }
public JsonWriter endObject(){ return null; }
public JsonWriter jsonValue(String p0){ return null; }
public JsonWriter name(String p0){ return null; }
public JsonWriter nullValue(){ return null; }
public JsonWriter value(Boolean p0){ return null; }
public JsonWriter value(Number p0){ return null; }
public JsonWriter value(String p0){ return null; }
public JsonWriter value(boolean p0){ return null; }
public JsonWriter value(double p0){ return null; }
public JsonWriter value(float p0){ return null; }
public JsonWriter value(long p0){ return null; }
public JsonWriter(Writer p0){}
public boolean isLenient(){ return false; }
public final boolean getSerializeNulls(){ return false; }
public final boolean isHtmlSafe(){ return false; }
public final void setHtmlSafe(boolean p0){}
public final void setIndent(String p0){}
public final void setLenient(boolean p0){}
public final void setSerializeNulls(boolean p0){}
public void close(){}
public void flush(){}
}

131
java/ql/test/stubs/playframework-2.6.x/play/api/mvc/Cookie.java generated Normal file
View File

@@ -0,0 +1,131 @@
// Generated automatically from play.api.mvc.Cookie for testing purposes
package play.api.mvc;
import play.mvc.Http;
public class Cookie {
protected Cookie() {}
abstract static public class SameSite {
protected SameSite() {}
public Http.Cookie.SameSite asJava() {
return null;
}
public SameSite(String p0) {}
public String value() {
return null;
}
public boolean play$api$mvc$Cookie$SameSite$$matches(String p0) {
return false;
}
}
public Http.Cookie asJava() {
return null;
}
public Object productElement(int p0) {
return null;
}
public String copy$default$1() {
return null;
}
public String copy$default$2() {
return null;
}
public String copy$default$4() {
return null;
}
public String name() {
return null;
}
public String path() {
return null;
}
public String productPrefix() {
return null;
}
public String toString() {
return null;
}
public String value() {
return null;
}
public boolean canEqual(Object p0) {
return false;
}
public boolean copy$default$6() {
return false;
}
public boolean copy$default$7() {
return false;
}
public boolean equals(Object p0) {
return false;
}
public boolean httpOnly() {
return false;
}
public boolean secure() {
return false;
}
public int hashCode() {
return 0;
}
public int productArity() {
return 0;
}
public static String $lessinit$greater$default$4() {
return null;
}
public static String apply$default$4() {
return null;
}
public static boolean $lessinit$greater$default$6() {
return false;
}
public static boolean $lessinit$greater$default$7() {
return false;
}
public static boolean apply$default$6() {
return false;
}
public static boolean apply$default$7() {
return false;
}
public static int DiscardedMaxAge() {
return 0;
}
public static play.api.mvc.Cookie validatePrefix(play.api.mvc.Cookie p0) {
return null;
}
}

9
java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSClient.java generated Normal file
View File

@@ -0,0 +1,9 @@
package play.libs.ws;
public class StandaloneWSClient {
public StandaloneWSRequest url(String url) {
return null;
}
}

5
java/ql/test/stubs/playframework-2.6.x/play/libs/ws/StandaloneWSRequest.java generated Normal file
View File

@@ -0,0 +1,5 @@
package play.libs.ws;
public class StandaloneWSRequest {
}

9
java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSClient.java generated Normal file
View File

@@ -0,0 +1,9 @@
package play.libs.ws;
public class WSClient {
public WSRequest url(String url) {
return null;
}
}

5
java/ql/test/stubs/playframework-2.6.x/play/libs/ws/WSRequest.java generated Normal file
View File

@@ -0,0 +1,5 @@
package play.libs.ws;
public class WSRequest {
}

86
java/ql/test/stubs/playframework-2.6.x/play/mvc/Http.java generated
View File

@@ -1,5 +1,6 @@
package play.mvc;
import akka.util.ByteString;
import com.fasterxml.jackson.databind.JsonNode;
import java.io.File;
import java.net.URI;
@@ -32,24 +33,12 @@ public class Http {
public Context(Request request, JavaContextComponents components) {}
public Context(
Long id,
play.api.mvc.RequestHeader header,
Request request,
Map<String, String> sessionData,
Map<String, String> flashData,
Map<String, Object> args,
public Context(Long id, play.api.mvc.RequestHeader header, Request request,
Map<String, String> sessionData, Map<String, String> flashData, Map<String, Object> args,
JavaContextComponents components) {}
public Context(
Long id,
play.api.mvc.RequestHeader header,
Request request,
Response response,
Session session,
Flash flash,
Map<String, Object> args,
JavaContextComponents components) {}
public Context(Long id, play.api.mvc.RequestHeader header, Request request, Response response,
Session session, Flash flash, Map<String, Object> args, JavaContextComponents components) {}
public Long id() {
return 0L;
@@ -328,8 +317,8 @@ public class Http {
return null;
}
public RequestBuilder bodyMultipart(
List<String> data, Files.TemporaryFileCreator temporaryFileCreator, String mat) {
public RequestBuilder bodyMultipart(List<String> data,
Files.TemporaryFileCreator temporaryFileCreator, String mat) {
return null;
}
@@ -536,6 +525,10 @@ public class Http {
public abstract static class RawBuffer {
public abstract ByteString asBytes();
public abstract ByteString asBytes(int maxLength);
public abstract Long size();
public abstract File asFile();
@@ -559,7 +552,8 @@ public class Http {
}
}
public interface Part<A> {}
public interface Part<A> {
}
public static class FilePart<A> implements Part<A> {
@@ -577,9 +571,17 @@ public class Http {
return "";
}
public String getDispositionType() {
return "";
}
public A getFile() {
return null;
}
public A getRef() {
return null;
}
}
public static class DataPart {
@@ -608,6 +610,10 @@ public class Http {
public RequestBody(Object body) {}
public ByteString asBytes() {
return null;
}
public <A> MultipartFormData<A> asMultipartFormData() {
return null;
}
@@ -640,6 +646,10 @@ public class Http {
return null;
}
public <A> Optional<A> parseJson(Class<A> clazz) {
return null;
}
public String toString() {
return "";
}
@@ -657,15 +667,8 @@ public class Http {
public void setContentType(String contentType) {}
@Deprecated
public void setCookie(
String name,
String value,
Integer maxAge,
String path,
String domain,
boolean secure,
boolean httpOnly,
SameSite sameSite) {}
public void setCookie(String name, String value, Integer maxAge, String path, String domain,
boolean secure, boolean httpOnly, SameSite sameSite) {}
public void setCookie(Cookie cookie) {}
@@ -734,25 +737,12 @@ public class Http {
public static class Cookie {
public Cookie(
String name,
String value,
Integer maxAge,
String path,
String domain,
boolean secure,
boolean httpOnly,
SameSite sameSite) {}
public Cookie(String name, String value, Integer maxAge, String path, String domain,
boolean secure, boolean httpOnly, SameSite sameSite) {}
@Deprecated
public Cookie(
String name,
String value,
Integer maxAge,
String path,
String domain,
boolean secure,
boolean httpOnly) {}
public Cookie(String name, String value, Integer maxAge, String path, String domain,
boolean secure, boolean httpOnly) {}
public static CookieBuilder builder(String name, String value) {
return null;
@@ -791,9 +781,7 @@ public class Http {
}
public enum SameSite {
STRICT("Strict"),
LAX("Lax"),
NONE("None");
STRICT("Strict"), LAX("Lax"), NONE("None");
SameSite(String value) {}
@@ -856,6 +844,8 @@ public class Http {
public interface Cookies extends Iterable<Cookie> {
Cookie get(String name);
Optional<Cookie> getCookie(String name);
}
public interface HeaderNames {

10
java/ql/test/utils/modelgenerator/dataflow/CaptureSinkModels.expected
View File

@@ -1,5 +1,5 @@
| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];create-file;df-generated |
| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];read-file;df-generated |
| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];create-file;df-generated |
| p;Sinks;true;readUrl;(URL,Charset);;Argument[0];open-url;df-generated |
| p;Sources;true;readUrl;(URL);;Argument[0];open-url;df-generated |
| p;PrivateFlowViaPublicInterface$SPI;true;openStream;();;Argument[this];path-injection;df-generated |
| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated |
| p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated |
| p;Sinks;true;readUrl;(URL,Charset);;Argument[0];request-forgery;df-generated |
| p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated |