mirror of
https://github.com/github/codeql.git
synced 2026-04-28 18:25:24 +02:00
Merge pull request #13256 from atorralba/atorralba/java/stapler-models
Java: Model the Stapler framework
This commit is contained in:
Tony Torralba
@@ -0,0 +1,14 @@
|
||||
import org.kohsuke.stapler.InjectedParameter;
|
||||
|
||||
public class Stapler {
|
||||
|
||||
@InjectedParameter
|
||||
private @interface MyInjectedParameter {
|
||||
}
|
||||
|
||||
private static void sink(Object o) {}
|
||||
|
||||
public static void test(@MyInjectedParameter String src) {
|
||||
sink(src); // $ hasRemoteValueFlow
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
|
||||
@@ -0,0 +1,42 @@
|
||||
import javax.annotation.PostConstruct;
|
||||
import net.sf.json.JSONObject;
|
||||
import org.kohsuke.stapler.DataBoundConstructor;
|
||||
import org.kohsuke.stapler.DataBoundResolvable;
|
||||
import org.kohsuke.stapler.DataBoundSetter;
|
||||
import org.kohsuke.stapler.StaplerRequest;
|
||||
|
||||
public class DataBoundPostConstructTest implements DataBoundResolvable {
|
||||
|
||||
static Object source(String label) {
|
||||
return null;
|
||||
}
|
||||
|
||||
static void sink(Object o) {}
|
||||
|
||||
static void test() {
|
||||
new DataBoundPostConstructTest(source("constructor"));
|
||||
new DataBoundPostConstructTest(null).setField(source("setter"));
|
||||
}
|
||||
|
||||
private Object field;
|
||||
|
||||
@DataBoundConstructor
|
||||
public DataBoundPostConstructTest(Object field) {
|
||||
this.field = field;
|
||||
}
|
||||
|
||||
@DataBoundSetter
|
||||
public void setField(Object field) {
|
||||
this.field = field;
|
||||
}
|
||||
|
||||
private Object bindResolve(StaplerRequest request, JSONObject src) {
|
||||
sink(this.field); // $ hasValueFlow=constructor hasValueFlow=setter
|
||||
return null;
|
||||
}
|
||||
|
||||
@PostConstruct
|
||||
private void post() {
|
||||
sink(this.field); // $ hasValueFlow=constructor hasValueFlow=setter
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,26 @@
|
||||
import hudson.model.Descriptor;
|
||||
import org.kohsuke.stapler.HttpResponse;
|
||||
import org.kohsuke.stapler.StaplerRequest;
|
||||
import org.kohsuke.stapler.StaplerResponse;
|
||||
|
||||
public class HttpResponseTest {
|
||||
|
||||
Object source() {
|
||||
return null;
|
||||
}
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
private class MyDescriptor extends Descriptor<Object> {
|
||||
public HttpResponse doTest() {
|
||||
return (MyHttpResponse) source();
|
||||
}
|
||||
}
|
||||
|
||||
private class MyHttpResponse implements HttpResponse {
|
||||
@Override
|
||||
public void generateResponse(StaplerRequest p0, StaplerResponse p1, Object p2) {
|
||||
sink(this); // $ hasValueFlow
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/jaxen-1.2.0
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/javax-annotation-api-1.3.2
|
||||
13
java/ql/test/stubs/javax-annotation-api-1.3.2/javax/annotation/PostConstruct.java
generated
Normal file
13
java/ql/test/stubs/javax-annotation-api-1.3.2/javax/annotation/PostConstruct.java
generated
Normal file
@@ -0,0 +1,13 @@
|
||||
package javax.annotation;
|
||||
|
||||
import static java.lang.annotation.ElementType.METHOD;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Documented
|
||||
@Retention(RUNTIME)
|
||||
@Target(METHOD)
|
||||
public @interface PostConstruct {
|
||||
}
|
||||
5
java/ql/test/stubs/jenkins/hudson/model/Descriptor.java
generated
Normal file
5
java/ql/test/stubs/jenkins/hudson/model/Descriptor.java
generated
Normal file
@@ -0,0 +1,5 @@
|
||||
package hudson.model;
|
||||
|
||||
public abstract class Descriptor<T> {
|
||||
|
||||
}
|
||||
13
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundConstructor.java
generated
Normal file
13
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundConstructor.java
generated
Normal file
@@ -0,0 +1,13 @@
|
||||
package org.kohsuke.stapler;
|
||||
|
||||
import static java.lang.annotation.ElementType.CONSTRUCTOR;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Retention(RUNTIME)
|
||||
@Target(CONSTRUCTOR)
|
||||
@Documented
|
||||
public @interface DataBoundConstructor {
|
||||
}
|
||||
4
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundResolvable.java
generated
Normal file
4
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundResolvable.java
generated
Normal file
@@ -0,0 +1,4 @@
|
||||
package org.kohsuke.stapler;
|
||||
|
||||
public interface DataBoundResolvable {
|
||||
}
|
||||
14
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundSetter.java
generated
Normal file
14
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/DataBoundSetter.java
generated
Normal file
@@ -0,0 +1,14 @@
|
||||
package org.kohsuke.stapler;
|
||||
|
||||
import static java.lang.annotation.ElementType.FIELD;
|
||||
import static java.lang.annotation.ElementType.METHOD;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Retention(RUNTIME)
|
||||
@Target({METHOD, FIELD})
|
||||
@Documented
|
||||
public @interface DataBoundSetter {
|
||||
}
|
||||
13
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/InjectedParameter.java
generated
Normal file
13
java/ql/test/stubs/stapler-1.263/org/kohsuke/stapler/InjectedParameter.java
generated
Normal file
@@ -0,0 +1,13 @@
|
||||
package org.kohsuke.stapler;
|
||||
|
||||
import java.lang.annotation.Documented;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.Target;
|
||||
import static java.lang.annotation.RetentionPolicy.RUNTIME;
|
||||
import static java.lang.annotation.ElementType.ANNOTATION_TYPE;;
|
||||
|
||||
@Retention(RUNTIME)
|
||||
@Target(ANNOTATION_TYPE)
|
||||
@Documented
|
||||
public @interface InjectedParameter {
|
||||
}
|
||||
Reference in New Issue
Block a user