add explicit this qualifier on all of java
@@ -24,7 +24,7 @@ predicate hasInjectAnnotation(Annotatable a) {
|
||||
class SpringComponentConstructor extends Constructor {
|
||||
SpringComponentConstructor() {
|
||||
// Must be a live Spring component.
|
||||
getDeclaringType().(SpringComponent).isLive() and
|
||||
this.getDeclaringType().(SpringComponent).isLive() and
|
||||
(
|
||||
this.getNumberOfParameters() = 0 or
|
||||
hasInjectAnnotation(this)
|
||||
@@ -93,8 +93,8 @@ class SpringBeanXMLAutowiredSetterMethod extends Method {
|
||||
)
|
||||
) and
|
||||
// The resulting bean is of the right type.
|
||||
result.getClass().getAnAncestor() = getParameter(0).getType() and
|
||||
getNumberOfParameters() = 1 and
|
||||
result.getClass().getAnAncestor() = this.getParameter(0).getType() and
|
||||
this.getNumberOfParameters() = 1 and
|
||||
this.getName().matches("set%")
|
||||
)
|
||||
}
|
||||
@@ -110,7 +110,7 @@ class SpringBeanAutowiredCallable extends Callable {
|
||||
// Marked as `@Autowired`.
|
||||
hasInjectAnnotation(this) and
|
||||
// No autowiring occurs if there are no parameters
|
||||
getNumberOfParameters() > 0
|
||||
this.getNumberOfParameters() > 0
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -118,7 +118,7 @@ class SpringBeanAutowiredCallable extends Callable {
|
||||
* defined in.
|
||||
*/
|
||||
SpringBean getEnclosingSpringBean() {
|
||||
result = getDeclaringType().(SpringBeanRefType).getSpringBean()
|
||||
result = this.getDeclaringType().(SpringBeanRefType).getSpringBean()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -129,22 +129,24 @@ class SpringBeanAutowiredCallable extends Callable {
|
||||
/**
|
||||
* Gets the qualifier annotation for parameter at `pos`, if any.
|
||||
*/
|
||||
SpringQualifierAnnotation getQualifier(int pos) { result = getParameter(pos).getAnAnnotation() }
|
||||
SpringQualifierAnnotation getQualifier(int pos) {
|
||||
result = this.getParameter(pos).getAnAnnotation()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the qualifier annotation for this method, if any.
|
||||
*/
|
||||
SpringQualifierAnnotation getQualifier() { result = getAnAnnotation() }
|
||||
SpringQualifierAnnotation getQualifier() { result = this.getAnAnnotation() }
|
||||
|
||||
/**
|
||||
* Gets the resource annotation for this method, if any.
|
||||
*/
|
||||
SpringResourceAnnotation getResource() { result = getAnAnnotation() }
|
||||
SpringResourceAnnotation getResource() { result = this.getAnAnnotation() }
|
||||
|
||||
/**
|
||||
* Gets a bean that will be injected into this callable.
|
||||
*/
|
||||
SpringBean getAnInjectedBean() { result = getInjectedBean(_) }
|
||||
SpringBean getAnInjectedBean() { result = this.getInjectedBean(_) }
|
||||
|
||||
/**
|
||||
* Gets the `SpringBean`, if any, that will be injected for the parameter at position `pos`,
|
||||
@@ -152,24 +154,24 @@ class SpringBeanAutowiredCallable extends Callable {
|
||||
*/
|
||||
SpringBean getInjectedBean(int pos) {
|
||||
// Must be a sub-type of the parameter type
|
||||
result.getClass().getAnAncestor() = getParameterType(pos) and
|
||||
result.getClass().getAnAncestor() = this.getParameterType(pos) and
|
||||
// Now look up bean
|
||||
if exists(getQualifier(pos))
|
||||
if exists(this.getQualifier(pos))
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` specified on the parameter
|
||||
result = getQualifier(pos).getSpringBean()
|
||||
result = this.getQualifier(pos).getSpringBean()
|
||||
else
|
||||
if exists(getQualifier()) and getNumberOfParameters() = 1
|
||||
if exists(this.getQualifier()) and this.getNumberOfParameters() = 1
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` on the method
|
||||
pos = 0 and
|
||||
result = getQualifier().getSpringBean()
|
||||
result = this.getQualifier().getSpringBean()
|
||||
else
|
||||
if exists(getResource().getNameValue()) and getNumberOfParameters() = 1
|
||||
if exists(this.getResource().getNameValue()) and this.getNumberOfParameters() = 1
|
||||
then
|
||||
// Resolved by looking at the name part of `@Resource(name="qualifier")`
|
||||
pos = 0 and
|
||||
result = getResource().getSpringBean()
|
||||
result = this.getResource().getSpringBean()
|
||||
else
|
||||
// Otherwise no restrictions, just by type
|
||||
any()
|
||||
@@ -181,24 +183,24 @@ class SpringBeanAutowiredCallable extends Callable {
|
||||
*/
|
||||
SpringComponent getInjectedComponent(int pos) {
|
||||
// Must be a sub-type of the parameter type
|
||||
result.getAnAncestor() = getParameterType(pos) and
|
||||
result.getAnAncestor() = this.getParameterType(pos) and
|
||||
// Now look up bean
|
||||
if exists(getQualifier(pos))
|
||||
if exists(this.getQualifier(pos))
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` specified on the parameter
|
||||
result = getQualifier(pos).getSpringComponent()
|
||||
result = this.getQualifier(pos).getSpringComponent()
|
||||
else
|
||||
if exists(getQualifier()) and getNumberOfParameters() = 1
|
||||
if exists(this.getQualifier()) and this.getNumberOfParameters() = 1
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` on the method
|
||||
pos = 0 and
|
||||
result = getQualifier().getSpringComponent()
|
||||
result = this.getQualifier().getSpringComponent()
|
||||
else
|
||||
if exists(getResource().getNameValue()) and getNumberOfParameters() = 1
|
||||
if exists(this.getResource().getNameValue()) and this.getNumberOfParameters() = 1
|
||||
then
|
||||
// Resolved by looking at the name part of `@Resource(name="qualifier")`
|
||||
pos = 0 and
|
||||
result = getResource().getSpringComponent()
|
||||
result = this.getResource().getSpringComponent()
|
||||
else
|
||||
// Otherwise no restrictions, just by type
|
||||
any()
|
||||
@@ -219,7 +221,7 @@ class SpringBeanAutowiredField extends Field {
|
||||
* defined in.
|
||||
*/
|
||||
SpringBean getEnclosingSpringBean() {
|
||||
result = getDeclaringType().(SpringBeanRefType).getSpringBean()
|
||||
result = this.getDeclaringType().(SpringBeanRefType).getSpringBean()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -230,12 +232,12 @@ class SpringBeanAutowiredField extends Field {
|
||||
/**
|
||||
* Gets the qualifier annotation for this method, if any.
|
||||
*/
|
||||
SpringQualifierAnnotation getQualifier() { result = getAnAnnotation() }
|
||||
SpringQualifierAnnotation getQualifier() { result = this.getAnAnnotation() }
|
||||
|
||||
/**
|
||||
* Gets the resource annotation for this method, if any.
|
||||
*/
|
||||
SpringResourceAnnotation getResource() { result = getAnAnnotation() }
|
||||
SpringResourceAnnotation getResource() { result = this.getAnAnnotation() }
|
||||
|
||||
/**
|
||||
* Gets the `SpringBean`, if any, that will be injected for this field, considering any `@Qualifier`
|
||||
@@ -243,17 +245,17 @@ class SpringBeanAutowiredField extends Field {
|
||||
*/
|
||||
SpringBean getInjectedBean() {
|
||||
// Must be a sub-type of the parameter type
|
||||
result.getClass().getAnAncestor() = getType() and
|
||||
result.getClass().getAnAncestor() = this.getType() and
|
||||
// Now look up bean
|
||||
if exists(getQualifier())
|
||||
if exists(this.getQualifier())
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` specified on the field
|
||||
result = getQualifier().getSpringBean()
|
||||
result = this.getQualifier().getSpringBean()
|
||||
else
|
||||
if exists(getResource().getNameValue())
|
||||
if exists(this.getResource().getNameValue())
|
||||
then
|
||||
// Resolved by looking at the name part of `@Resource(name="qualifier")`
|
||||
result = getResource().getSpringBean()
|
||||
result = this.getResource().getSpringBean()
|
||||
else
|
||||
// Otherwise no restrictions, just by type
|
||||
any()
|
||||
@@ -265,17 +267,17 @@ class SpringBeanAutowiredField extends Field {
|
||||
*/
|
||||
SpringComponent getInjectedComponent() {
|
||||
// Must be a sub-type of the parameter type
|
||||
result.getAnAncestor() = getType() and
|
||||
result.getAnAncestor() = this.getType() and
|
||||
// Now look up bean
|
||||
if exists(getQualifier())
|
||||
if exists(this.getQualifier())
|
||||
then
|
||||
// Resolved by `@Qualifier("qualifier")` specified on the field
|
||||
result = getQualifier().getSpringComponent()
|
||||
result = this.getQualifier().getSpringComponent()
|
||||
else
|
||||
if exists(getResource().getNameValue())
|
||||
if exists(this.getResource().getNameValue())
|
||||
then
|
||||
// Resolved by looking at the name part of `@Resource(name="qualifier")`
|
||||
result = getResource().getSpringComponent()
|
||||
result = this.getResource().getSpringComponent()
|
||||
else
|
||||
// Otherwise no restrictions, just by type
|
||||
any()
|
||||
@@ -287,9 +289,9 @@ class SpringBeanAutowiredField extends Field {
|
||||
*/
|
||||
class SpringQualifierAnnotationType extends AnnotationType {
|
||||
SpringQualifierAnnotationType() {
|
||||
hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or
|
||||
hasQualifiedName("javax.inject", "Qualifier") or
|
||||
getAnAnnotation().getType() instanceof SpringQualifierAnnotationType
|
||||
this.hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or
|
||||
this.hasQualifiedName("javax.inject", "Qualifier") or
|
||||
this.getAnAnnotation().getType() instanceof SpringQualifierAnnotationType
|
||||
}
|
||||
}
|
||||
|
||||
@@ -299,15 +301,15 @@ class SpringQualifierAnnotationType extends AnnotationType {
|
||||
*/
|
||||
class SpringQualifierDefinitionAnnotation extends Annotation {
|
||||
SpringQualifierDefinitionAnnotation() {
|
||||
getType() instanceof SpringQualifierAnnotationType and
|
||||
getAnnotatedElement() instanceof SpringComponent
|
||||
this.getType() instanceof SpringQualifierAnnotationType and
|
||||
this.getAnnotatedElement() instanceof SpringComponent
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the value of the qualifier field for this qualifier.
|
||||
*/
|
||||
string getQualifierValue() {
|
||||
result = getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
result = this.getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -315,24 +317,24 @@ class SpringQualifierDefinitionAnnotation extends Annotation {
|
||||
* A qualifier annotation on a method or field that is used to disambiguate which bean will be used.
|
||||
*/
|
||||
class SpringQualifierAnnotation extends Annotation {
|
||||
SpringQualifierAnnotation() { getType() instanceof SpringQualifierAnnotationType }
|
||||
SpringQualifierAnnotation() { this.getType() instanceof SpringQualifierAnnotationType }
|
||||
|
||||
/**
|
||||
* Gets the value of the qualifier field for this qualifier.
|
||||
*/
|
||||
string getQualifierValue() {
|
||||
result = getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
result = this.getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the bean definition in an XML file that this qualifier resolves to, if any.
|
||||
*/
|
||||
SpringBean getSpringBean() { result.getQualifierValue() = getQualifierValue() }
|
||||
SpringBean getSpringBean() { result.getQualifierValue() = this.getQualifierValue() }
|
||||
|
||||
/**
|
||||
* Gets the Spring component that this qualifier resolves to, if any.
|
||||
*/
|
||||
SpringComponent getSpringComponent() { result.getQualifierValue() = getQualifierValue() }
|
||||
SpringComponent getSpringComponent() { result.getQualifierValue() = this.getQualifierValue() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -340,20 +342,22 @@ class SpringQualifierAnnotation extends Annotation {
|
||||
* autowired by Spring, and can optionally specify a qualifier in the "name".
|
||||
*/
|
||||
class SpringResourceAnnotation extends Annotation {
|
||||
SpringResourceAnnotation() { getType().hasQualifiedName("javax.inject", "Resource") }
|
||||
SpringResourceAnnotation() { this.getType().hasQualifiedName("javax.inject", "Resource") }
|
||||
|
||||
/**
|
||||
* Gets the specified name value, if any.
|
||||
*/
|
||||
string getNameValue() { result = getValue("name").(CompileTimeConstantExpr).getStringValue() }
|
||||
string getNameValue() {
|
||||
result = this.getValue("name").(CompileTimeConstantExpr).getStringValue()
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the bean definition in an XML file that the resource resolves to, if any.
|
||||
*/
|
||||
SpringBean getSpringBean() { result.getQualifierValue() = getNameValue() }
|
||||
SpringBean getSpringBean() { result.getQualifierValue() = this.getNameValue() }
|
||||
|
||||
/**
|
||||
* Gets the Spring component that this qualifier resolves to, if any.
|
||||
*/
|
||||
SpringComponent getSpringComponent() { result.getQualifierValue() = getNameValue() }
|
||||
SpringComponent getSpringComponent() { result.getQualifierValue() = this.getNameValue() }
|
||||
}
|
||||
|
||||
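Review bot: In the last hunk of this file, `SpringResourceAnnotation` still matches `javax.inject.Resource`, but `javax.inject` declares no `Resource` type; the annotation Spring honours for by-name injection is `javax.annotation.Resource` (and `jakarta.annotation.Resource` on newer stacks). As written the class presumably never matches, so the `@Resource(name=...)` branches in `getInjectedBean` and `getInjectedComponent` are dead and resolution falls through to the by-type `any()` case, which widens the set of beans the analysis treats as injected. Since the commit rewrites this line anyway, consider `this.getType().hasQualifiedName("javax.annotation", "Resource")`, with a second disjunct for the `jakarta.annotation` package if that namespace is in scope for the library.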
@@ -16,7 +16,7 @@ class SpringBean extends SpringXMLElement {
|
||||
SpringBean() {
|
||||
this.getName() = "bean" and
|
||||
// Do not capture Camel beans, which are different
|
||||
not getNamespace().getURI() = "http://camel.apache.org/schema/spring"
|
||||
not this.getNamespace().getURI() = "http://camel.apache.org/schema/spring"
|
||||
}
|
||||
|
||||
override string toString() { result = this.getBeanIdentifier() }
|
||||
@@ -383,7 +383,7 @@ class SpringBean extends SpringXMLElement {
|
||||
// If a factory bean is specified, use that, otherwise use the current bean.
|
||||
(
|
||||
if exists(this.getFactoryBeanName())
|
||||
then result.getDeclaringType() = getFactoryBean().getClass()
|
||||
then result.getDeclaringType() = this.getFactoryBean().getClass()
|
||||
else (
|
||||
result.getDeclaringType() = this.getClass() and
|
||||
// Must be static because we don't yet have an instance.
|
||||
@@ -400,9 +400,9 @@ class SpringBean extends SpringXMLElement {
|
||||
* the bean identifier if no qualifier is specified.
|
||||
*/
|
||||
string getQualifierValue() {
|
||||
if exists(getQualifier())
|
||||
then result = getQualifier().getQualifierValue()
|
||||
else result = getBeanIdentifier()
|
||||
if exists(this.getQualifier())
|
||||
then result = this.getQualifier().getQualifierValue()
|
||||
else result = this.getBeanIdentifier()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -35,7 +35,12 @@ class SpringBeanFile extends XMLFile {
|
||||
*/
|
||||
string getAProfileExpr() {
|
||||
result =
|
||||
getBeansElement().getAttribute("profile").getValue().splitAt(",").splitAt(" ").splitAt(";") and
|
||||
this.getBeansElement()
|
||||
.getAttribute("profile")
|
||||
.getValue()
|
||||
.splitAt(",")
|
||||
.splitAt(" ")
|
||||
.splitAt(";") and
|
||||
result.length() != 0
|
||||
}
|
||||
|
||||
|
||||
@@ -20,7 +20,7 @@ class SpringXMLComponentScan extends SpringXMLElement {
|
||||
* Gets a profile expression for which this `component-scan` is enabled, or nothing if it is
|
||||
* applicable to any profile.
|
||||
*/
|
||||
string getAProfileExpr() { result = getSpringBeanFile().getAProfileExpr() }
|
||||
string getAProfileExpr() { result = this.getSpringBeanFile().getAProfileExpr() }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -29,7 +29,7 @@ class SpringXMLComponentScan extends SpringXMLElement {
|
||||
*/
|
||||
class SpringComponentScan extends Annotation {
|
||||
SpringComponentScan() {
|
||||
getType().hasQualifiedName("org.springframework.context.annotation", "ComponentScan")
|
||||
this.getType().hasQualifiedName("org.springframework.context.annotation", "ComponentScan")
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -37,13 +37,13 @@ class SpringComponentScan extends Annotation {
|
||||
*/
|
||||
string getBasePackages() {
|
||||
// "value" and "basePackages" are synonymous, and are simple strings
|
||||
result = getAValue("basePackages").(StringLiteral).getRepresentedString()
|
||||
result = this.getAValue("basePackages").(StringLiteral).getRepresentedString()
|
||||
or
|
||||
result = getAValue("value").(StringLiteral).getRepresentedString()
|
||||
result = this.getAValue("value").(StringLiteral).getRepresentedString()
|
||||
or
|
||||
exists(TypeLiteral typeLiteral |
|
||||
// Base package classes are type literals whose package should be considered a base package.
|
||||
typeLiteral = getAValue("basePackageClasses")
|
||||
typeLiteral = this.getAValue("basePackageClasses")
|
||||
|
|
||||
result = typeLiteral.getReferencedType().(RefType).getPackage().getName()
|
||||
)
|
||||
@@ -97,10 +97,10 @@ class SpringBasePackage extends string {
|
||||
class SpringComponentAnnotation extends AnnotationType {
|
||||
SpringComponentAnnotation() {
|
||||
// Component used directly as an annotation.
|
||||
hasQualifiedName("org.springframework.stereotype", "Component")
|
||||
this.hasQualifiedName("org.springframework.stereotype", "Component")
|
||||
or
|
||||
// Component can be used as a meta-annotation on other annotation types.
|
||||
getAnAnnotation().getType() instanceof SpringComponentAnnotation
|
||||
this.getAnAnnotation().getType() instanceof SpringComponentAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
@@ -117,20 +117,20 @@ private predicate isSpringXMLEnabled() { exists(SpringXMLElement springXMLElemen
|
||||
*/
|
||||
class SpringComponent extends RefType {
|
||||
SpringComponent() {
|
||||
getAnAnnotation().getType() instanceof SpringComponentAnnotation and
|
||||
this.getAnAnnotation().getType() instanceof SpringComponentAnnotation and
|
||||
not this instanceof AnnotationType
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets a qualifier used to distinguish when this class should be autowired into other classes.
|
||||
*/
|
||||
SpringQualifierDefinitionAnnotation getQualifier() { result = getAnAnnotation() }
|
||||
SpringQualifierDefinitionAnnotation getQualifier() { result = this.getAnAnnotation() }
|
||||
|
||||
/**
|
||||
* Gets the `@Component` or equivalent annotation.
|
||||
*/
|
||||
Annotation getComponentAnnotation() {
|
||||
result = getAnAnnotation() and
|
||||
result = this.getAnAnnotation() and
|
||||
result.getType() instanceof SpringComponentAnnotation
|
||||
}
|
||||
|
||||
@@ -138,13 +138,14 @@ class SpringComponent extends RefType {
|
||||
* Gets the bean identifier for this component.
|
||||
*/
|
||||
string getBeanIdentifier() {
|
||||
if exists(getComponentAnnotation().getValue("value"))
|
||||
if exists(this.getComponentAnnotation().getValue("value"))
|
||||
then
|
||||
// If the name has been specified in the component annotation, use that.
|
||||
result = getComponentAnnotation().getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
result =
|
||||
this.getComponentAnnotation().getValue("value").(CompileTimeConstantExpr).getStringValue()
|
||||
else
|
||||
// Otherwise use the name of the class, with the initial letter lower cased.
|
||||
exists(string name | name = getName() |
|
||||
exists(string name | name = this.getName() |
|
||||
result = name.charAt(0).toLowerCase() + name.suffix(1)
|
||||
)
|
||||
}
|
||||
@@ -154,13 +155,13 @@ class SpringComponent extends RefType {
|
||||
* resolving autowiring on other classes.
|
||||
*/
|
||||
string getQualifierValue() {
|
||||
if exists(getQualifier())
|
||||
if exists(this.getQualifier())
|
||||
then
|
||||
// If given a qualifier, use the value specified.
|
||||
result = getQualifier().getQualifierValue()
|
||||
result = this.getQualifier().getQualifierValue()
|
||||
else
|
||||
// Otherwise, default to the bean identifier.
|
||||
result = getBeanIdentifier()
|
||||
result = this.getBeanIdentifier()
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -184,8 +185,8 @@ class SpringComponent extends RefType {
|
||||
this.getPackage().getName() = sbp
|
||||
) and
|
||||
(
|
||||
not exists(getAProfileExpr()) or
|
||||
getAProfileExpr().(SpringProfileExpr).isActive()
|
||||
not exists(this.getAProfileExpr()) or
|
||||
this.getAProfileExpr().(SpringProfileExpr).isActive()
|
||||
)
|
||||
}
|
||||
|
||||
@@ -195,7 +196,7 @@ class SpringComponent extends RefType {
|
||||
*/
|
||||
string getAProfileExpr() {
|
||||
exists(Annotation profileAnnotation |
|
||||
profileAnnotation = getAnAnnotation() and
|
||||
profileAnnotation = this.getAnAnnotation() and
|
||||
profileAnnotation
|
||||
.getType()
|
||||
.hasQualifiedName("org.springframework.context.annotation", "Profile")
|
||||
|
||||
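Review bot: In the `getBeanIdentifier` hunk, the default name is built as `name.charAt(0).toLowerCase() + name.suffix(1)`, which does not follow the JavaBeans decapitalisation rule that Spring's default bean-name generation uses: a class name whose first two characters are both upper case (for example `URLService`) keeps its name unchanged. For such components the modelled identifier (`uRLService`) differs from the real one, so `getQualifierValue` and the qualifier-based autowiring lookups that compare against it would miss the component. A guard such as `if name.regexpMatch("[A-Z][A-Z].*") then result = name else result = name.charAt(0).toLowerCase() + name.suffix(1)` would cover that case, and a short comment on the `else` branch naming the rule would help the next reader.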
@@ -9,10 +9,10 @@ import SpringWebClient
|
||||
class SpringControllerAnnotation extends AnnotationType {
|
||||
SpringControllerAnnotation() {
|
||||
// `@Controller` used directly as an annotation.
|
||||
hasQualifiedName("org.springframework.stereotype", "Controller")
|
||||
this.hasQualifiedName("org.springframework.stereotype", "Controller")
|
||||
or
|
||||
// `@Controller` can be used as a meta-annotation on other annotation types.
|
||||
getAnAnnotation().getType() instanceof SpringControllerAnnotation
|
||||
this.getAnAnnotation().getType() instanceof SpringControllerAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
@@ -22,28 +22,30 @@ class SpringControllerAnnotation extends AnnotationType {
|
||||
* Rest controllers are the same as controllers, but imply the `@ResponseBody` annotation.
|
||||
*/
|
||||
class SpringRestControllerAnnotation extends SpringControllerAnnotation {
|
||||
SpringRestControllerAnnotation() { hasName("RestController") }
|
||||
SpringRestControllerAnnotation() { this.hasName("RestController") }
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated, directly or indirectly, as a Spring `Controller`.
|
||||
*/
|
||||
class SpringController extends Class {
|
||||
SpringController() { getAnAnnotation().getType() instanceof SpringControllerAnnotation }
|
||||
SpringController() { this.getAnAnnotation().getType() instanceof SpringControllerAnnotation }
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated, directly or indirectly, as a Spring `RestController`.
|
||||
*/
|
||||
class SpringRestController extends SpringController {
|
||||
SpringRestController() { getAnAnnotation().getType() instanceof SpringRestControllerAnnotation }
|
||||
SpringRestController() {
|
||||
this.getAnAnnotation().getType() instanceof SpringRestControllerAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A method on a Spring controller which is accessed by the Spring MVC framework.
|
||||
*/
|
||||
abstract class SpringControllerMethod extends Method {
|
||||
SpringControllerMethod() { getDeclaringType() instanceof SpringController }
|
||||
SpringControllerMethod() { this.getDeclaringType() instanceof SpringController }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -83,10 +85,10 @@ class SpringInitBinderMethod extends SpringControllerMethod {
|
||||
class SpringRequestMappingAnnotationType extends AnnotationType {
|
||||
SpringRequestMappingAnnotationType() {
|
||||
// `@RequestMapping` used directly as an annotation.
|
||||
hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping")
|
||||
this.hasQualifiedName("org.springframework.web.bind.annotation", "RequestMapping")
|
||||
or
|
||||
// `@RequestMapping` can be used as a meta-annotation on other annotation types, e.g. GetMapping, PostMapping etc.
|
||||
getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType
|
||||
this.getAnAnnotation().getType() instanceof SpringRequestMappingAnnotationType
|
||||
}
|
||||
}
|
||||
|
||||
@@ -96,7 +98,7 @@ class SpringRequestMappingAnnotationType extends AnnotationType {
|
||||
class SpringResponseBodyAnnotationType extends AnnotationType {
|
||||
SpringResponseBodyAnnotationType() {
|
||||
// `@ResponseBody` used directly as an annotation.
|
||||
hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
|
||||
this.hasQualifiedName("org.springframework.web.bind.annotation", "ResponseBody")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -129,7 +131,7 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
|
||||
}
|
||||
|
||||
/** Gets a request mapping parameter. */
|
||||
SpringRequestMappingParameter getARequestParameter() { result = getAParameter() }
|
||||
SpringRequestMappingParameter getARequestParameter() { result = this.getAParameter() }
|
||||
|
||||
/** Gets the "produces" @RequestMapping annotation value, if present. If an array is specified, gets the array. */
|
||||
Expr getProducesExpr() {
|
||||
@@ -158,9 +160,9 @@ class SpringRequestMappingMethod extends SpringControllerMethod {
|
||||
|
||||
/** Holds if this is considered an `@ResponseBody` method. */
|
||||
predicate isResponseBody() {
|
||||
getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
|
||||
getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
|
||||
getDeclaringType() instanceof SpringRestController
|
||||
this.getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
|
||||
this.getDeclaringType().getAnAnnotation().getType() instanceof SpringResponseBodyAnnotationType or
|
||||
this.getDeclaringType() instanceof SpringRestController
|
||||
}
|
||||
}
|
||||
|
||||
@@ -185,44 +187,50 @@ class SpringServletInputAnnotation extends Annotation {
|
||||
/** An annotation of the type `org.springframework.web.bind.annotation.ModelAttribute`. */
|
||||
class SpringModelAttributeAnnotation extends Annotation {
|
||||
SpringModelAttributeAnnotation() {
|
||||
getType().hasQualifiedName("org.springframework.web.bind.annotation", "ModelAttribute")
|
||||
this.getType().hasQualifiedName("org.springframework.web.bind.annotation", "ModelAttribute")
|
||||
}
|
||||
}
|
||||
|
||||
/** A parameter of a `SpringRequestMappingMethod`. */
|
||||
class SpringRequestMappingParameter extends Parameter {
|
||||
SpringRequestMappingParameter() { getCallable() instanceof SpringRequestMappingMethod }
|
||||
SpringRequestMappingParameter() { this.getCallable() instanceof SpringRequestMappingMethod }
|
||||
|
||||
/** Holds if the parameter should not be consider a direct source of taint. */
|
||||
predicate isNotDirectlyTaintedInput() {
|
||||
getType().(RefType).getAnAncestor() instanceof SpringWebRequest or
|
||||
getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("org.springframework.http", "HttpMethod") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "OutputStream") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Writer") or
|
||||
getType()
|
||||
this.getType().(RefType).getAnAncestor() instanceof SpringWebRequest or
|
||||
this.getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.http", "HttpMethod") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "OutputStream") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Writer") or
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.web.servlet.mvc.support", "RedirectAttributes") or
|
||||
// Also covers BindingResult. Note, you can access the field value through this interface, which should be considered tainted
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("org.springframework.validation", "Errors") or
|
||||
getType()
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.validation", "Errors") or
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.web.bind.support", "SessionStatus") or
|
||||
getType()
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.web.util", "UriComponentsBuilder") or
|
||||
getType()
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("org.springframework.data.domain", "Pageable") or
|
||||
@@ -231,13 +239,13 @@ class SpringRequestMappingParameter extends Parameter {
|
||||
|
||||
private predicate isExplicitlyTaintedInput() {
|
||||
// InputStream or Reader parameters allow access to the body of a request
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "InputStream") or
|
||||
getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "InputStream") or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader") or
|
||||
// The SpringServletInputAnnotations allow access to the URI, request parameters, cookie values and the body of the request
|
||||
this.getAnAnnotation() instanceof SpringServletInputAnnotation or
|
||||
// HttpEntity is like @RequestBody, but with a wrapper including the headers
|
||||
// TODO model unwrapping aspects
|
||||
getType().(RefType).getASourceSupertype*() instanceof SpringHttpEntity or
|
||||
this.getType().(RefType).getASourceSupertype*() instanceof SpringHttpEntity or
|
||||
this.getAnAnnotation()
|
||||
.getType()
|
||||
.hasQualifiedName("org.springframework.web.bind.annotation", "RequestAttribute") or
|
||||
@@ -249,35 +257,35 @@ class SpringRequestMappingParameter extends Parameter {
|
||||
private predicate isImplicitRequestParam() {
|
||||
// Any parameter which is not explicitly handled, is consider to be an `@RequestParam`, if
|
||||
// it is a simple bean property
|
||||
not isNotDirectlyTaintedInput() and
|
||||
not isExplicitlyTaintedInput() and
|
||||
not this.isNotDirectlyTaintedInput() and
|
||||
not this.isExplicitlyTaintedInput() and
|
||||
(
|
||||
getType() instanceof PrimitiveType or
|
||||
getType() instanceof TypeString
|
||||
this.getType() instanceof PrimitiveType or
|
||||
this.getType() instanceof TypeString
|
||||
)
|
||||
}
|
||||
|
||||
private predicate isImplicitModelAttribute() {
|
||||
// Any parameter which is not explicitly handled, is consider to be an `@ModelAttribute`, if
|
||||
// it is not an implicit request param
|
||||
not isNotDirectlyTaintedInput() and
|
||||
not isExplicitlyTaintedInput() and
|
||||
not isImplicitRequestParam()
|
||||
not this.isNotDirectlyTaintedInput() and
|
||||
not this.isExplicitlyTaintedInput() and
|
||||
not this.isImplicitRequestParam()
|
||||
}
|
||||
|
||||
/** Holds if this is an explicit or implicit `@ModelAttribute` parameter. */
|
||||
predicate isModelAttribute() {
|
||||
isImplicitModelAttribute() or
|
||||
getAnAnnotation() instanceof SpringModelAttributeAnnotation
|
||||
this.isImplicitModelAttribute() or
|
||||
this.getAnAnnotation() instanceof SpringModelAttributeAnnotation
|
||||
}
|
||||
|
||||
/** Holds if the input is tainted. */
|
||||
predicate isTaintedInput() {
|
||||
isExplicitlyTaintedInput()
|
||||
this.isExplicitlyTaintedInput()
|
||||
or
|
||||
// Any parameter which is not explicitly identified, is consider to be an `@RequestParam`, if
|
||||
// it is a simple bean property) or a @ModelAttribute if not
|
||||
not isNotDirectlyTaintedInput()
|
||||
not this.isNotDirectlyTaintedInput()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -286,7 +294,7 @@ class SpringRequestMappingParameter extends Parameter {
|
||||
* the method, which will be used to render the response e.g. as a JSP file.
|
||||
*/
|
||||
abstract class SpringModel extends Parameter {
|
||||
SpringModel() { getCallable() instanceof SpringRequestMappingMethod }
|
||||
SpringModel() { this.getCallable() instanceof SpringRequestMappingMethod }
|
||||
|
||||
/**
|
||||
* Types for which instances are placed inside the model.
|
||||
@@ -298,11 +306,11 @@ abstract class SpringModel extends Parameter {
|
||||
* A `java.util.Map` can be accepted as the model parameter for a Spring `RequestMapping` method.
|
||||
*/
|
||||
class SpringModelPlainMap extends SpringModel {
|
||||
SpringModelPlainMap() { getType() instanceof MapType }
|
||||
SpringModelPlainMap() { this.getType() instanceof MapType }
|
||||
|
||||
override RefType getATypeInModel() {
|
||||
exists(MethodAccess methodCall |
|
||||
methodCall.getQualifier() = getAnAccess() and
|
||||
methodCall.getQualifier() = this.getAnAccess() and
|
||||
methodCall.getCallee().hasName("put")
|
||||
|
|
||||
result = methodCall.getArgument(1).getType()
|
||||
@@ -316,13 +324,13 @@ class SpringModelPlainMap extends SpringModel {
|
||||
*/
|
||||
class SpringModelModel extends SpringModel {
|
||||
SpringModelModel() {
|
||||
getType().(RefType).hasQualifiedName("org.springframework.ui", "Model") or
|
||||
getType().(RefType).hasQualifiedName("org.springframework.ui", "ModelMap")
|
||||
this.getType().(RefType).hasQualifiedName("org.springframework.ui", "Model") or
|
||||
this.getType().(RefType).hasQualifiedName("org.springframework.ui", "ModelMap")
|
||||
}
|
||||
|
||||
override RefType getATypeInModel() {
|
||||
exists(MethodAccess methodCall |
|
||||
methodCall.getQualifier() = getAnAccess() and
|
||||
methodCall.getQualifier() = this.getAnAccess() and
|
||||
methodCall.getCallee().hasName("addAttribute")
|
||||
|
|
||||
result = methodCall.getArgument(methodCall.getNumArgument() - 1).getType()
|
||||
|
||||
@@ -18,7 +18,7 @@ class ExpressionEvaluationMethod extends Method {
|
||||
* The class `org.springframework.expression.ExpressionParser`.
|
||||
*/
|
||||
class ExpressionParser extends RefType {
|
||||
ExpressionParser() { hasQualifiedName("org.springframework.expression", "ExpressionParser") }
|
||||
ExpressionParser() { this.hasQualifiedName("org.springframework.expression", "ExpressionParser") }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -26,7 +26,7 @@ class ExpressionParser extends RefType {
|
||||
*/
|
||||
class SimpleEvaluationContextBuilder extends RefType {
|
||||
SimpleEvaluationContextBuilder() {
|
||||
hasQualifiedName("org.springframework.expression.spel.support",
|
||||
this.hasQualifiedName("org.springframework.expression.spel.support",
|
||||
"SimpleEvaluationContext$Builder")
|
||||
}
|
||||
}
|
||||
@@ -35,7 +35,7 @@ class SimpleEvaluationContextBuilder extends RefType {
|
||||
* The class `org.springframework.expression.Expression`.
|
||||
*/
|
||||
class Expression extends RefType {
|
||||
Expression() { hasQualifiedName("org.springframework.expression", "Expression") }
|
||||
Expression() { this.hasQualifiedName("org.springframework.expression", "Expression") }
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -43,6 +43,6 @@ class Expression extends RefType {
|
||||
*/
|
||||
class SimpleEvaluationContext extends RefType {
|
||||
SimpleEvaluationContext() {
|
||||
hasQualifiedName("org.springframework.expression.spel.support", "SimpleEvaluationContext")
|
||||
this.hasQualifiedName("org.springframework.expression.spel.support", "SimpleEvaluationContext")
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,22 +16,22 @@ class SpringRemotingDestination extends SpringXMLElement {
|
||||
* Gets the bean that this remoting destination refers to.
|
||||
*/
|
||||
SpringBean getSpringBean() {
|
||||
result = getParent() or
|
||||
result.getBeanIdentifier() = getAttribute("ref").getValue()
|
||||
result = this.getParent() or
|
||||
result.getBeanIdentifier() = this.getAttribute("ref").getValue()
|
||||
}
|
||||
|
||||
/**
|
||||
* Methods that are specifically included when the bean is exposed as a remote destination.
|
||||
*/
|
||||
string getAnIncludeMethod() {
|
||||
result = getAttribute("include-methods").getValue().splitAt(",").trim()
|
||||
result = this.getAttribute("include-methods").getValue().splitAt(",").trim()
|
||||
}
|
||||
|
||||
/**
|
||||
* Methods that are specifically excluded when the bean is exposed as a remote destination.
|
||||
*/
|
||||
string getAnExcludeMethod() {
|
||||
result = getAttribute("exclude-methods").getValue().splitAt(",").trim()
|
||||
result = this.getAttribute("exclude-methods").getValue().splitAt(",").trim()
|
||||
}
|
||||
}
|
||||
|
||||
@@ -44,7 +44,7 @@ class SpringRemotingDestinationClass extends Class {
|
||||
this = remotingDestination.getSpringBean().getClass()
|
||||
)
|
||||
or
|
||||
hasAnnotation("org.springframework.flex.remoting", "RemotingDestination") and
|
||||
this.hasAnnotation("org.springframework.flex.remoting", "RemotingDestination") and
|
||||
// Must either be a live bean, or a live component.
|
||||
(
|
||||
this.(SpringComponent).isLive() or
|
||||
@@ -66,11 +66,11 @@ class SpringRemotingDestinationClass extends Class {
|
||||
* basis, only those methods that are not marked as excluded are exported.
|
||||
*/
|
||||
predicate isIncluding() {
|
||||
exists(Method m | m = getAMethod() |
|
||||
exists(Method m | m = this.getAMethod() |
|
||||
m.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude")
|
||||
)
|
||||
or
|
||||
exists(getRemotingDestinationXML().getAnIncludeMethod())
|
||||
exists(this.getRemotingDestinationXML().getAnIncludeMethod())
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -78,13 +78,13 @@ class SpringRemotingDestinationClass extends Class {
|
||||
*/
|
||||
Method getARemotingMethod() {
|
||||
result = this.getAMethod() and
|
||||
if isIncluding()
|
||||
if this.isIncluding()
|
||||
then
|
||||
result.hasAnnotation("org.springframework.flex.remoting", "RemotingInclude") or
|
||||
result.getName() = getRemotingDestinationXML().getAnIncludeMethod()
|
||||
result.getName() = this.getRemotingDestinationXML().getAnIncludeMethod()
|
||||
else (
|
||||
not result.hasAnnotation("org.springframework.flex.remoting", "RemotingExclude") and
|
||||
not result.getName() = getRemotingDestinationXML().getAnExcludeMethod()
|
||||
not result.getName() = this.getRemotingDestinationXML().getAnExcludeMethod()
|
||||
)
|
||||
}
|
||||
}
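Review bot: In `getARemotingMethod()` the candidates come from `this.getAMethod()` with no visibility constraint in the visible lines, so in the `else` branch every method that is neither annotated `RemotingExclude` nor listed in `exclude-methods` counts as remotely exposed, presumably non-public ones included. If the remoting layer only dispatches to public methods (not shown on this page, so worth confirming), adding `result.isPublic() and` after the first conjunct would keep the modelled entry-point set from being over-approximated. The XML include and exclude lists are compared with `result.getName()` only, so every overload of a listed name is treated alike; if that is intended, a comment such as `// Matched by simple name: all overloads of a listed method are covered.` would make it explicit. The predicate's QLDoc begins above this hunk, so only its closing `*/` is visible here.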
|
||||
|
||||
@@ -26,10 +26,10 @@ class SpringProfileExpr extends string {
|
||||
*/
|
||||
predicate isActive() {
|
||||
(
|
||||
getProfile() instanceof AlwaysEnabledSpringProfile or
|
||||
getProfile() instanceof SometimesEnabledSpringProfile
|
||||
this.getProfile() instanceof AlwaysEnabledSpringProfile or
|
||||
this.getProfile() instanceof SometimesEnabledSpringProfile
|
||||
) and
|
||||
not getProfile() instanceof NeverEnabledSpringProfile
|
||||
not this.getProfile() instanceof NeverEnabledSpringProfile
|
||||
}
|
||||
}
|
||||
|
||||
@@ -48,7 +48,7 @@ class NotSpringProfileExpr extends SpringProfileExpr {
|
||||
* This profile expression is active if it can ever be evaluated to true, according to our
|
||||
* knowledge of which profiles are sometimes/never/always enabled.
|
||||
*/
|
||||
override predicate isActive() { not getProfile() instanceof AlwaysEnabledSpringProfile }
|
||||
override predicate isActive() { not this.getProfile() instanceof AlwaysEnabledSpringProfile }
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -25,7 +25,7 @@ class SpringNativeWebRequest extends Class {
|
||||
*/
|
||||
class ModelAndView extends Class {
|
||||
ModelAndView() {
|
||||
hasQualifiedName(["org.springframework.web.servlet", "org.springframework.web.portlet"],
|
||||
this.hasQualifiedName(["org.springframework.web.servlet", "org.springframework.web.portlet"],
|
||||
"ModelAndView")
|
||||
}
|
||||
}
|
||||
@@ -33,7 +33,7 @@ class ModelAndView extends Class {
|
||||
/** A call to the Spring `ModelAndView.setViewName` method. */
|
||||
class SpringModelAndViewSetViewNameCall extends MethodAccess {
|
||||
SpringModelAndViewSetViewNameCall() {
|
||||
getMethod().getDeclaringType() instanceof ModelAndView and
|
||||
getMethod().hasName("setViewName")
|
||||
this.getMethod().getDeclaringType() instanceof ModelAndView and
|
||||
this.getMethod().hasName("setViewName")
|
||||
}
|
||||
}
|
||||
|
||||