rename more acronyms
@@ -27,7 +27,7 @@ class MXBean extends ManagedBean {
|
||||
class RegisteredManagedBeanImpl extends Class {
|
||||
RegisteredManagedBeanImpl() {
|
||||
this.getAnAncestor() instanceof ManagedBean and
|
||||
exists(JMXRegistrationCall registerCall | registerCall.getObjectArgument().getType() = this)
|
||||
exists(JmxRegistrationCall registerCall | registerCall.getObjectArgument().getType() = this)
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -39,32 +39,35 @@ class RegisteredManagedBeanImpl extends Class {
|
||||
/**
|
||||
* A call that registers an object with the `MBeanServer`, directly or indirectly.
|
||||
*/
|
||||
class JMXRegistrationCall extends MethodAccess {
|
||||
JMXRegistrationCall() { this.getCallee() instanceof JMXRegistrationMethod }
|
||||
class JmxRegistrationCall extends MethodAccess {
|
||||
JmxRegistrationCall() { this.getCallee() instanceof JmxRegistrationMethod }
|
||||
|
||||
/**
|
||||
* Gets the argument that represents the object in the registration call.
|
||||
*/
|
||||
Expr getObjectArgument() {
|
||||
result = this.getArgument(this.getCallee().(JMXRegistrationMethod).getObjectPosition())
|
||||
result = this.getArgument(this.getCallee().(JmxRegistrationMethod).getObjectPosition())
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JmxRegistrationCall */
|
||||
deprecated class JMXRegistrationCall = JmxRegistrationCall;
|
||||
|
||||
/**
|
||||
* A method used to register `MBean` and `MXBean` instances with the `MBeanServer`.
|
||||
*
|
||||
* This is either the `registerMBean` method on `MBeanServer`, or it is a wrapper around that
|
||||
* registration method.
|
||||
*/
|
||||
class JMXRegistrationMethod extends Method {
|
||||
JMXRegistrationMethod() {
|
||||
class JmxRegistrationMethod extends Method {
|
||||
JmxRegistrationMethod() {
|
||||
// A direct registration with the `MBeanServer`.
|
||||
this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
|
||||
this.getName() = "registerMBean"
|
||||
or
|
||||
// The `MBeanServer` is often wrapped by an application specific management class, so identify
|
||||
// methods that wrap a call to another `JMXRegistrationMethod`.
|
||||
exists(JMXRegistrationCall c |
|
||||
// methods that wrap a call to another `JmxRegistrationMethod`.
|
||||
exists(JmxRegistrationCall c |
|
||||
// This must be a call to another JMX registration method, where the object argument is an access
|
||||
// of one of the parameters of this method.
|
||||
c.getObjectArgument().(VarAccess).getVariable() = this.getAParameter()
|
||||
@@ -81,25 +84,37 @@ class JMXRegistrationMethod extends Method {
|
||||
result = 0
|
||||
or
|
||||
// Identify the position in this method where the object parameter should be passed.
|
||||
exists(JMXRegistrationCall c |
|
||||
exists(JmxRegistrationCall c |
|
||||
c.getObjectArgument().(VarAccess).getVariable() = this.getParameter(result)
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JmxRegistrationMethod */
|
||||
deprecated class JMXRegistrationMethod = JmxRegistrationMethod;
|
||||
|
||||
/** The class `javax.management.remote.JMXConnectorFactory`. */
|
||||
class TypeJMXConnectorFactory extends Class {
|
||||
TypeJMXConnectorFactory() {
|
||||
class TypeJmxConnectorFactory extends Class {
|
||||
TypeJmxConnectorFactory() {
|
||||
this.hasQualifiedName("javax.management.remote", "JMXConnectorFactory")
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeJmxConnectorFactory */
|
||||
deprecated class TypeJMXConnectorFactory = TypeJmxConnectorFactory;
|
||||
|
||||
/** The class `javax.management.remote.JMXServiceURL`. */
|
||||
class TypeJMXServiceURL extends Class {
|
||||
TypeJMXServiceURL() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") }
|
||||
class TypeJmxServiceUrl extends Class {
|
||||
TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeJmxServiceUrl */
|
||||
deprecated class TypeJMXServiceURL = TypeJmxServiceUrl;
|
||||
|
||||
/** The class `javax.management.remote.rmi.RMIConnector`. */
|
||||
class TypeRMIConnector extends Class {
|
||||
TypeRMIConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") }
|
||||
class TypeRmiConnector extends Class {
|
||||
TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for TypeRmiConnector */
|
||||
deprecated class TypeRMIConnector = TypeRmiConnector;
|
||||
|
||||
@@ -15,7 +15,7 @@ private class SpecialMethodAccess extends MethodAccess {
|
||||
this.getQualifier().getType().(RefType).hasQualifiedName("java.lang", klass)
|
||||
}
|
||||
|
||||
predicate throwsNFE() {
|
||||
predicate throwsNfe() {
|
||||
this.isParseMethod("Byte", "parseByte") or
|
||||
this.isParseMethod("Short", "parseShort") or
|
||||
this.isParseMethod("Integer", "parseInt") or
|
||||
@@ -33,6 +33,9 @@ private class SpecialMethodAccess extends MethodAccess {
|
||||
this.isValueOfMethod("Float") or
|
||||
this.isValueOfMethod("Double")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE() { this.throwsNfe() }
|
||||
}
|
||||
|
||||
/** A `ClassInstanceExpr` that constructs a number from its string representation. */
|
||||
@@ -43,7 +46,7 @@ private class SpecialClassInstanceExpr extends ClassInstanceExpr {
|
||||
this.getNumArgument() = 1
|
||||
}
|
||||
|
||||
predicate throwsNFE() {
|
||||
predicate throwsNfe() {
|
||||
this.isStringConstructor("Byte") or
|
||||
this.isStringConstructor("Short") or
|
||||
this.isStringConstructor("Integer") or
|
||||
@@ -51,6 +54,9 @@ private class SpecialClassInstanceExpr extends ClassInstanceExpr {
|
||||
this.isStringConstructor("Float") or
|
||||
this.isStringConstructor("Double")
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE() { this.throwsNfe() }
|
||||
}
|
||||
|
||||
/** The class `java.lang.NumberFormatException`. */
|
||||
@@ -59,7 +65,7 @@ class NumberFormatException extends RefType {
|
||||
}
|
||||
|
||||
/** Holds if `java.lang.NumberFormatException` is caught. */
|
||||
predicate catchesNFE(TryStmt t) {
|
||||
predicate catchesNfe(TryStmt t) {
|
||||
exists(CatchClause cc, LocalVariableDeclExpr v |
|
||||
t.getACatchClause() = cc and
|
||||
cc.getVariable() = v and
|
||||
@@ -67,7 +73,13 @@ predicate catchesNFE(TryStmt t) {
|
||||
)
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for catchesNfe */
|
||||
deprecated predicate catchesNFE = catchesNfe/1;
|
||||
|
||||
/** Holds if `java.lang.NumberFormatException` can be thrown. */
|
||||
predicate throwsNFE(Expr e) {
|
||||
e.(SpecialClassInstanceExpr).throwsNFE() or e.(SpecialMethodAccess).throwsNFE()
|
||||
predicate throwsNfe(Expr e) {
|
||||
e.(SpecialClassInstanceExpr).throwsNfe() or e.(SpecialMethodAccess).throwsNfe()
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for throwsNfe */
|
||||
deprecated predicate throwsNFE = throwsNfe/1;
|
||||
|
||||
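Review bot: The `deprecated predicate throwsNFE() { this.throwsNfe() }` aliases added to `SpecialMethodAccess` and `SpecialClassInstanceExpr` look like dead code, because both hunk headers show these classes as `private` and the only caller visible here, the top-level `throwsNfe(Expr e)`, already uses the new member name. Unless something outside these hunks still calls the old member, the two member aliases can be dropped, keeping only the top-level `throwsNFE` and `catchesNFE` aliases for external users. Both class bodies start outside the hunks.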
@@ -88,7 +88,7 @@ private class ReverseDnsSource extends RemoteFlowSource {
|
||||
ReverseDnsSource() {
|
||||
// Try not to trigger on `localhost`.
|
||||
exists(MethodAccess m | m = this.asExpr() |
|
||||
m.getMethod() instanceof ReverseDNSMethod and
|
||||
m.getMethod() instanceof ReverseDnsMethod and
|
||||
not exists(MethodAccess l |
|
||||
(variableStep(l, m.getQualifier()) or l = m.getQualifier()) and
|
||||
l.getMethod().getName() = "getLocalHost"
|
||||
@@ -221,8 +221,8 @@ class TypeInetAddr extends RefType {
|
||||
}
|
||||
|
||||
/** A reverse DNS method. */
|
||||
class ReverseDNSMethod extends Method {
|
||||
ReverseDNSMethod() {
|
||||
class ReverseDnsMethod extends Method {
|
||||
ReverseDnsMethod() {
|
||||
this.getDeclaringType() instanceof TypeInetAddr and
|
||||
(
|
||||
this.getName() = "getHostName" or
|
||||
@@ -231,6 +231,9 @@ class ReverseDNSMethod extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for ReverseDnsMethod */
|
||||
deprecated class ReverseDNSMethod = ReverseDnsMethod;
|
||||
|
||||
/** Android `Intent` that may have come from a hostile application. */
|
||||
class AndroidIntentInput extends DataFlow::Node {
|
||||
Type receiverType;
|
||||
|
||||
@@ -162,7 +162,7 @@ class LiveClass extends SourceClassOrInterface {
|
||||
exists(LiveField f | f.getDeclaringType() = this |
|
||||
// A `serialVersionUID` field is considered to be a live field, but is
|
||||
// not be enough to be make this class live.
|
||||
not f instanceof SerialVersionUIDField
|
||||
not f instanceof SerialVersionUidField
|
||||
)
|
||||
or
|
||||
// If this is a namespace class, it is live if there is at least one live nested class.
|
||||
@@ -250,7 +250,7 @@ class DeadMethod extends Callable {
|
||||
// These getters and setters are often generated in an ad-hoc way by the developer, which leads to
|
||||
// methods that are theoretically dead, but uninteresting. We therefore ignore them, so long as
|
||||
// they are "simple".
|
||||
not exists(JPAReadField readField | this.getDeclaringType() = readField.getDeclaringType() |
|
||||
not exists(JpaReadField readField | this.getDeclaringType() = readField.getDeclaringType() |
|
||||
this.(GetterMethod).getField() = readField or
|
||||
this.(SetterMethod).getField() = readField
|
||||
)
|
||||
|
||||
@@ -87,8 +87,8 @@ abstract class WhitelistedLiveField extends Field { }
|
||||
* A static, final, long field named `serialVersionUID` in a class that extends `Serializable` acts as
|
||||
* a version number for the serialization framework.
|
||||
*/
|
||||
class SerialVersionUIDField extends ReflectivelyReadField {
|
||||
SerialVersionUIDField() {
|
||||
class SerialVersionUidField extends ReflectivelyReadField {
|
||||
SerialVersionUidField() {
|
||||
this.hasName("serialVersionUID") and
|
||||
this.isStatic() and
|
||||
this.isFinal() and
|
||||
@@ -97,6 +97,9 @@ class SerialVersionUIDField extends ReflectivelyReadField {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SerialVersionUidField */
|
||||
deprecated class SerialVersionUIDField = SerialVersionUidField;
|
||||
|
||||
/**
|
||||
* A field is read by the JAXB during serialization if it is a JAXB bound field, and if the
|
||||
* containing class is considered "live".
|
||||
@@ -154,8 +157,8 @@ class JacksonMixinReflextivelyReadField extends ReflectivelyReadField {
|
||||
/**
|
||||
* A field which is read by a JPA compatible Java persistence framework.
|
||||
*/
|
||||
class JPAReadField extends ReflectivelyReadField {
|
||||
JPAReadField() {
|
||||
class JpaReadField extends ReflectivelyReadField {
|
||||
JpaReadField() {
|
||||
exists(PersistentEntity entity |
|
||||
this = entity.getAField() and
|
||||
(
|
||||
@@ -169,3 +172,6 @@ class JPAReadField extends ReflectivelyReadField {
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JpaReadField */
|
||||
deprecated class JPAReadField = JpaReadField;
|
||||
|
||||
@@ -128,8 +128,8 @@ class JacksonMixinCallableEntryPoint extends EntryPoint {
|
||||
override Callable getALiveCallable() { result = this }
|
||||
}
|
||||
|
||||
class JAXAnnotationReflectivelyConstructedClass extends ReflectivelyConstructedClass {
|
||||
JAXAnnotationReflectivelyConstructedClass() {
|
||||
class JaxAnnotationReflectivelyConstructedClass extends ReflectivelyConstructedClass {
|
||||
JaxAnnotationReflectivelyConstructedClass() {
|
||||
this instanceof JaxWsEndpoint or
|
||||
this instanceof JaxbXmlRegistry or
|
||||
this instanceof JaxRsResourceClass or
|
||||
@@ -137,6 +137,10 @@ class JAXAnnotationReflectivelyConstructedClass extends ReflectivelyConstructedC
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxAnnotationReflectivelyConstructedClass */
|
||||
deprecated class JAXAnnotationReflectivelyConstructedClass =
|
||||
JaxAnnotationReflectivelyConstructedClass;
|
||||
|
||||
class DeserializedClass extends ReflectivelyConstructedClass {
|
||||
DeserializedClass() {
|
||||
exists(CastingExpr cast, ReadObjectMethod readObject |
|
||||
@@ -342,8 +346,8 @@ class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
}
|
||||
}
|
||||
|
||||
class JAXBDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
JAXBDeserializationEntryPoint() {
|
||||
class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
JaxbDeserializationEntryPoint() {
|
||||
// A class can be deserialized by JAXB if it's an `XmlRootElement`...
|
||||
this.getAnAnnotation().getType().hasQualifiedName("javax.xml.bind.annotation", "XmlRootElement")
|
||||
or
|
||||
@@ -356,6 +360,9 @@ class JAXBDeserializationEntryPoint extends ReflectivelyConstructedClass {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxbDeserializationEntryPoint */
|
||||
deprecated class JAXBDeserializationEntryPoint = JaxbDeserializationEntryPoint;
|
||||
|
||||
/**
|
||||
* A `javax.annotation` for a method that is called after or before dependency injection on a type.
|
||||
*
|
||||
|
||||
@@ -104,8 +104,8 @@ class SpringAspect extends CallableEntryPoint {
|
||||
/**
|
||||
* Spring Shell provides annotations for identifying methods that contribute CLI commands.
|
||||
*/
|
||||
class SpringCLI extends CallableEntryPoint {
|
||||
SpringCLI() {
|
||||
class SpringCli extends CallableEntryPoint {
|
||||
SpringCli() {
|
||||
(
|
||||
hasAnnotation("org.springframework.shell.core.annotation", "CliCommand") or
|
||||
hasAnnotation("org.springframework.shell.core.annotation", "CliAvailabilityIndicator")
|
||||
@@ -116,6 +116,9 @@ class SpringCLI extends CallableEntryPoint {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for SpringCli */
|
||||
deprecated class SpringCLI = SpringCli;
|
||||
|
||||
/**
|
||||
* An entry point which acts as a remote API for a Flex application to access a Spring application.
|
||||
*/
|
||||
|
||||
@@ -58,15 +58,18 @@ class ServletFilterClass extends ReflectivelyConstructedClass {
|
||||
/**
|
||||
* An entry point into a GWT application.
|
||||
*/
|
||||
class GWTEntryPointConstructedClass extends ReflectivelyConstructedClass {
|
||||
GWTEntryPointConstructedClass() { this.(GwtEntryPointClass).isLive() }
|
||||
class GwtEntryPointConstructedClass extends ReflectivelyConstructedClass {
|
||||
GwtEntryPointConstructedClass() { this.(GwtEntryPointClass).isLive() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtEntryPointConstructedClass */
|
||||
deprecated class GWTEntryPointConstructedClass = GwtEntryPointConstructedClass;
|
||||
|
||||
/**
|
||||
* Servlets referred to from a GWT module config file.
|
||||
*/
|
||||
class GWTServletClass extends ReflectivelyConstructedClass {
|
||||
GWTServletClass() {
|
||||
class GwtServletClass extends ReflectivelyConstructedClass {
|
||||
GwtServletClass() {
|
||||
this instanceof ServletClass and
|
||||
// There must be evidence that GWT is being used, otherwise missing `*.gwt.xml` files could cause
|
||||
// all `Servlet`s to be live.
|
||||
@@ -81,6 +84,9 @@ class GWTServletClass extends ReflectivelyConstructedClass {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for GwtServletClass */
|
||||
deprecated class GWTServletClass = GwtServletClass;
|
||||
|
||||
/**
|
||||
* Methods that may be called reflectively by the UiHandler framework.
|
||||
*/
|
||||
|
||||
@@ -13,7 +13,7 @@ import semmle.code.java.frameworks.camel.CamelJavaAnnotations
|
||||
class CamelToUri extends string {
|
||||
CamelToUri() {
|
||||
exists(SpringCamelXmlToElement toXmlElement | this = toXmlElement.getUri()) or
|
||||
exists(CamelJavaDSLToDecl toJavaDSL | this = toJavaDSL.getUri())
|
||||
exists(CamelJavaDslToDecl toJavaDsl | this = toJavaDsl.getUri())
|
||||
}
|
||||
}
|
||||
|
||||
@@ -77,13 +77,13 @@ class CamelTargetClass extends Class {
|
||||
this = xmlMethod.getBeanType()
|
||||
)
|
||||
or
|
||||
exists(CamelJavaDSLMethodDecl methodDecl | this = methodDecl.getABean())
|
||||
exists(CamelJavaDslMethodDecl methodDecl | this = methodDecl.getABean())
|
||||
or
|
||||
// Any beans referred to in Java DSL bean or beanRef elements are considered as possible
|
||||
// targets. Whether the route builder is ever constructed or called is not considered.
|
||||
exists(CamelJavaDSLBeanDecl beanDecl | this = beanDecl.getABeanClass())
|
||||
exists(CamelJavaDslBeanDecl beanDecl | this = beanDecl.getABeanClass())
|
||||
or
|
||||
exists(CamelJavaDSLBeanRefDecl beanRefDecl | this = beanRefDecl.getABeanClass())
|
||||
exists(CamelJavaDslBeanRefDecl beanRefDecl | this = beanRefDecl.getABeanClass())
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -2,20 +2,26 @@
|
||||
|
||||
import semmle.code.java.Type
|
||||
|
||||
library class JAXBElement extends Class {
|
||||
JAXBElement() {
|
||||
library class JaxbElement extends Class {
|
||||
JaxbElement() {
|
||||
this.getAnAncestor().getQualifiedName() = "javax.xml.bind.JAXBElement" or
|
||||
this.getAnAnnotation().getType().getName() = "XmlRootElement"
|
||||
}
|
||||
}
|
||||
|
||||
library class JAXBMarshalMethod extends Method {
|
||||
JAXBMarshalMethod() {
|
||||
/** DEPRECATED: Alias for JaxbElement */
|
||||
deprecated class JAXBElement = JaxbElement;
|
||||
|
||||
library class JaxbMarshalMethod extends Method {
|
||||
JaxbMarshalMethod() {
|
||||
this.getDeclaringType().getQualifiedName() = "javax.xml.bind.Marshaller" and
|
||||
this.getName() = "marshal"
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for JaxbMarshalMethod */
|
||||
deprecated class JAXBMarshalMethod = JaxbMarshalMethod;
|
||||
|
||||
class JaxbAnnotationType extends AnnotationType {
|
||||
JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" }
|
||||
}
|
||||
|
||||
@@ -58,13 +58,16 @@ class MethodUnboundIdFilterCreate extends Method {
|
||||
}
|
||||
|
||||
/** A method with the name `createANDFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
|
||||
class MethodUnboundIdFilterCreateANDFilter extends Method {
|
||||
MethodUnboundIdFilterCreateANDFilter() {
|
||||
class MethodUnboundIdFilterCreateAndFilter extends Method {
|
||||
MethodUnboundIdFilterCreateAndFilter() {
|
||||
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
|
||||
this.hasName("createANDFilter")
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for MethodUnboundIdFilterCreateAndFilter */
|
||||
deprecated class MethodUnboundIdFilterCreateANDFilter = MethodUnboundIdFilterCreateAndFilter;
|
||||
|
||||
/** A method with the name `createORFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
|
||||
class MethodUnboundIdFilterCreateORFilter extends Method {
|
||||
MethodUnboundIdFilterCreateORFilter() {
|
||||
@@ -73,9 +76,12 @@ class MethodUnboundIdFilterCreateORFilter extends Method {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for MethodUnboundIdFilterCreateNOTFilter */
|
||||
deprecated class MethodUnboundIdFilterCreateNOTFilter = MethodUnboundIdFilterCreateNotFilter;
|
||||
|
||||
/** A method with the name `createNOTFilter` declared in `com.unboundid.ldap.sdk.Filter`. */
|
||||
class MethodUnboundIdFilterCreateNOTFilter extends Method {
|
||||
MethodUnboundIdFilterCreateNOTFilter() {
|
||||
class MethodUnboundIdFilterCreateNotFilter extends Method {
|
||||
MethodUnboundIdFilterCreateNotFilter() {
|
||||
this.getDeclaringType() instanceof TypeUnboundIdLdapFilter and
|
||||
this.hasName("createNOTFilter")
|
||||
}
|
||||
|
||||
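Review bot: The doc comment on the new alias `deprecated class MethodUnboundIdFilterCreateNOTFilter = MethodUnboundIdFilterCreateNotFilter;` names the deprecated class itself; it should read `/** DEPRECATED: Alias for MethodUnboundIdFilterCreateNotFilter */`, in line with the `MethodUnboundIdFilterCreateAndFilter` alias in the previous hunk. The alias also sits directly after `MethodUnboundIdFilterCreateORFilter` and above the doc comment of the class it points to, whereas the other aliases in this commit follow their class; moving it below the `MethodUnboundIdFilterCreateNotFilter` body would keep the file consistent. `MethodUnboundIdFilterCreateORFilter` keeps its upper-case acronym although its AND and NOT siblings were renamed, which looks like an oversight. The body of the NOT-filter class ends outside this hunk.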
@@ -35,8 +35,8 @@ library class ProcessorDefinitionElement extends MethodAccess {
|
||||
*
|
||||
* This declares a "target" for this route, described by the URI given as the first argument.
|
||||
*/
|
||||
class CamelJavaDSLToDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDSLToDecl() { getMethod().hasName("to") }
|
||||
class CamelJavaDslToDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDslToDecl() { getMethod().hasName("to") }
|
||||
|
||||
/**
|
||||
* Gets the URI specified by this `to` declaration.
|
||||
@@ -47,14 +47,17 @@ class CamelJavaDSLToDecl extends ProcessorDefinitionElement {
|
||||
deprecated string getURI() { result = getUri() }
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslToDecl */
|
||||
deprecated class CamelJavaDSLToDecl = CamelJavaDslToDecl;
|
||||
|
||||
/**
|
||||
* A declaration of a "bean" target in the Apache Camel Java DSL.
|
||||
*
|
||||
* This declares a bean to call for this route. The bean is defined either by a Class<?> reference,
|
||||
* or the bean object itself.
|
||||
*/
|
||||
class CamelJavaDSLBeanDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDSLBeanDecl() { getMethod().hasName("bean") }
|
||||
class CamelJavaDslBeanDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDslBeanDecl() { getMethod().hasName("bean") }
|
||||
|
||||
/**
|
||||
* Gets a bean class that may be registered as a target by this `bean()` declaration.
|
||||
@@ -71,6 +74,9 @@ class CamelJavaDSLBeanDecl extends ProcessorDefinitionElement {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslBeanDecl */
|
||||
deprecated class CamelJavaDSLBeanDecl = CamelJavaDslBeanDecl;
|
||||
|
||||
/**
|
||||
* A declaration of a "beanRef" target in the Apache Camel Java DSL.
|
||||
*
|
||||
@@ -78,8 +84,8 @@ class CamelJavaDSLBeanDecl extends ProcessorDefinitionElement {
|
||||
* the bean reference is dependent on which registries are used by Apache Camel, but we make the
|
||||
* assumption that it either represetns a qualified name, or a Srping bean identifier.
|
||||
*/
|
||||
class CamelJavaDSLBeanRefDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDSLBeanRefDecl() { getMethod().hasName("beanRef") }
|
||||
class CamelJavaDslBeanRefDecl extends ProcessorDefinitionElement {
|
||||
CamelJavaDslBeanRefDecl() { getMethod().hasName("beanRef") }
|
||||
|
||||
/**
|
||||
* Gets the string describing the bean referred to.
|
||||
@@ -98,13 +104,16 @@ class CamelJavaDSLBeanRefDecl extends ProcessorDefinitionElement {
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslBeanRefDecl */
|
||||
deprecated class CamelJavaDSLBeanRefDecl = CamelJavaDslBeanRefDecl;
|
||||
|
||||
/**
|
||||
* A "method" Camel expression in the Apache Camel Java DSL.
|
||||
*
|
||||
* An expression that represents a call to a bean, or particular method on a bean.
|
||||
*/
|
||||
class CamelJavaDSLMethodDecl extends MethodAccess {
|
||||
CamelJavaDSLMethodDecl() {
|
||||
class CamelJavaDslMethodDecl extends MethodAccess {
|
||||
CamelJavaDslMethodDecl() {
|
||||
getMethod()
|
||||
.getDeclaringType()
|
||||
.getSourceDeclaration()
|
||||
@@ -129,3 +138,6 @@ class CamelJavaDSLMethodDecl extends MethodAccess {
|
||||
else result = getArgument(0).getType()
|
||||
}
|
||||
}
|
||||
|
||||
/** DEPRECATED: Alias for CamelJavaDslMethodDecl */
|
||||
deprecated class CamelJavaDSLMethodDecl = CamelJavaDslMethodDecl;
|
||||
|
||||
@@ -49,7 +49,7 @@ private class Serializable extends ClassStore {
|
||||
|
||||
/** The instantiation of a marshallable class, which can be stored to disk as XML. */
|
||||
private class Marshallable extends ClassStore {
|
||||
Marshallable() { this.getConstructor().getDeclaringType() instanceof JAXBElement }
|
||||
Marshallable() { this.getConstructor().getDeclaringType() instanceof JaxbElement }
|
||||
|
||||
/** Gets a store, for example `marshaller.marshal(instance)`. */
|
||||
override Expr getAStore() {
|
||||
@@ -69,7 +69,7 @@ private Expr getInstanceInput(DataFlow::Node instance, RefType t) {
|
||||
fa.getField().getDeclaringType() = t
|
||||
|
|
||||
t.getASourceSupertype*() instanceof TypeSerializable or
|
||||
t instanceof JAXBElement
|
||||
t instanceof JaxbElement
|
||||
)
|
||||
}
|
||||
|
||||
@@ -98,7 +98,7 @@ private predicate serializableStore(DataFlow::Node instance, Expr store) {
|
||||
private predicate marshallableStore(DataFlow::Node instance, Expr store) {
|
||||
exists(MethodAccess m |
|
||||
store = m and
|
||||
m.getMethod() instanceof JAXBMarshalMethod and
|
||||
m.getMethod() instanceof JaxbMarshalMethod and
|
||||
instance.asExpr() = m.getArgument(0)
|
||||
)
|
||||
}
|
||||
|
||||
@@ -176,7 +176,7 @@ private predicate nameAddStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
|
||||
* by calling `new JMXServiceURL(tainted)`.
|
||||
*/
|
||||
private predicate jmxServiceUrlStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeJMXServiceURL |
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeJmxServiceUrl |
|
||||
n1.asExpr() = cc.getAnArgument() and
|
||||
n2.asExpr() = cc
|
||||
)
|
||||
@@ -189,7 +189,7 @@ private predicate jmxServiceUrlStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2
|
||||
private predicate jmxConnectorStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
|
||||
exists(MethodAccess ma, Method m | n1.asExpr() = ma.getArgument(0) and n2.asExpr() = ma |
|
||||
ma.getMethod() = m and
|
||||
m.getDeclaringType() instanceof TypeJMXConnectorFactory and
|
||||
m.getDeclaringType() instanceof TypeJmxConnectorFactory and
|
||||
m.hasName("newJMXConnector")
|
||||
)
|
||||
}
|
||||
@@ -199,7 +199,7 @@ private predicate jmxConnectorStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2)
|
||||
* `RMIConnector` by calling `new RMIConnector(tainted)`.
|
||||
*/
|
||||
private predicate rmiConnectorStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeRMIConnector |
|
||||
exists(ConstructorCall cc | cc.getConstructedType() instanceof TypeRmiConnector |
|
||||
n1.asExpr() = cc.getAnArgument() and
|
||||
n2.asExpr() = cc
|
||||
)
|
||||
|
||||
@@ -140,8 +140,8 @@ private predicate filterStep(DataFlow::ExprNode n1, DataFlow::ExprNode n2) {
|
||||
ma.getMethod() = m
|
||||
|
|
||||
m instanceof MethodUnboundIdFilterCreate or
|
||||
m instanceof MethodUnboundIdFilterCreateANDFilter or
|
||||
m instanceof MethodUnboundIdFilterCreateNOTFilter or
|
||||
m instanceof MethodUnboundIdFilterCreateAndFilter or
|
||||
m instanceof MethodUnboundIdFilterCreateNotFilter or
|
||||
m instanceof MethodUnboundIdFilterCreateORFilter or
|
||||
m instanceof MethodUnboundIdFilterSimplifyFilter
|
||||
)
|
||||
|
||||
@@ -15,10 +15,10 @@ import semmle.code.java.NumberFormatException
|
||||
|
||||
from Expr e
|
||||
where
|
||||
throwsNFE(e) and
|
||||
throwsNfe(e) and
|
||||
not exists(TryStmt t |
|
||||
t.getBlock() = e.getEnclosingStmt().getEnclosingStmt*() and
|
||||
catchesNFE(t)
|
||||
catchesNfe(t)
|
||||
) and
|
||||
not exists(Callable c |
|
||||
e.getEnclosingCallable() = c and
|
||||
|
||||
@@ -117,12 +117,12 @@ predicate hasShortAsymmetricKeyPair(MethodAccess ma, string msg, string type) {
|
||||
}
|
||||
|
||||
/** Holds if a DSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
|
||||
predicate hasShortDSAKeyPair(MethodAccess ma, string msg) {
|
||||
predicate hasShortDsaKeyPair(MethodAccess ma, string msg) {
|
||||
hasShortAsymmetricKeyPair(ma, msg, "DSA") or hasShortAsymmetricKeyPair(ma, msg, "DH")
|
||||
}
|
||||
|
||||
/** Holds if a RSA `KeyPairGenerator` initialized by `ma` uses an insufficient key size. `msg` provides a human-readable description of the problem. */
|
||||
predicate hasShortRSAKeyPair(MethodAccess ma, string msg) {
|
||||
predicate hasShortRsaKeyPair(MethodAccess ma, string msg) {
|
||||
hasShortAsymmetricKeyPair(ma, msg, "RSA")
|
||||
}
|
||||
|
||||
@@ -147,7 +147,7 @@ predicate hasShortECKeyPair(MethodAccess ma, string msg) {
|
||||
from Expr e, string msg
|
||||
where
|
||||
hasShortAESKey(e, msg) or
|
||||
hasShortDSAKeyPair(e, msg) or
|
||||
hasShortRSAKeyPair(e, msg) or
|
||||
hasShortDsaKeyPair(e, msg) or
|
||||
hasShortRsaKeyPair(e, msg) or
|
||||
hasShortECKeyPair(e, msg)
|
||||
select e, msg
|
||||
|
||||
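Review bot: The doc comment above `hasShortDsaKeyPair` describes only a DSA `KeyPairGenerator`, but the body also matches `"DH"`, so the comment should open with `Holds if a DSA or DH` rather than `Holds if a DSA`; otherwise a reader tuning this key-size query will not expect Diffie-Hellman results from it. In the second hunk `hasShortAESKey` and `hasShortECKeyPair` keep their upper-case acronyms next to the renamed `hasShortDsaKeyPair` and `hasShortRsaKeyPair`. If that is deliberate it deserves a word in the commit message; otherwise they should be renamed in the same pass.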
@@ -21,8 +21,8 @@ import DataFlow::PathGraph
|
||||
/**
|
||||
* Taint configuration tracking flow from untrusted inputs to number conversion calls in exported Android compononents.
|
||||
*/
|
||||
class NFELocalDoSConfiguration extends TaintTracking::Configuration {
|
||||
NFELocalDoSConfiguration() { this = "NFELocalDoSConfiguration" }
|
||||
class NfeLocalDoSConfiguration extends TaintTracking::Configuration {
|
||||
NfeLocalDoSConfiguration() { this = "NFELocalDoSConfiguration" }
|
||||
|
||||
/** Holds if source is a remote flow source */
|
||||
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
|
||||
@@ -31,17 +31,17 @@ class NFELocalDoSConfiguration extends TaintTracking::Configuration {
|
||||
override predicate isSink(DataFlow::Node sink) {
|
||||
exists(Expr e |
|
||||
e.getEnclosingCallable().getDeclaringType().(ExportableAndroidComponent).isExported() and
|
||||
throwsNFE(e) and
|
||||
throwsNfe(e) and
|
||||
not exists(TryStmt t |
|
||||
t.getBlock() = e.getAnEnclosingStmt() and
|
||||
catchesNFE(t)
|
||||
catchesNfe(t)
|
||||
) and
|
||||
sink.asExpr() = e
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, NFELocalDoSConfiguration conf
|
||||
from DataFlow::PathNode source, DataFlow::PathNode sink, NfeLocalDoSConfiguration conf
|
||||
where conf.hasFlowPath(source, sink)
|
||||
select sink.getNode(), source, sink,
|
||||
"Uncaught NumberFormatException in an exported Android component due to $@.", source.getNode(),
|
||||
|
||||
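Review bot: The characteristic predicate `NfeLocalDoSConfiguration() { this = "NFELocalDoSConfiguration" }` renames the class but keeps the old spelling in its string. As far as I can tell that string only identifies the configuration, so results should not change, but the mismatch makes the class harder to find by search. Either update it to `this = "NfeLocalDoSConfiguration"` or add a comment such as `// identifier string intentionally left unchanged`. The doc comment above the class also misspells "components" as `compononents`.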