hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-06-24 14:17:05 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'main' into andersfugmann/kotlin-2.4-v2

Browse Source
This commit is contained in:
Jeroen Ketema
2026-06-23 11:45:17 +02:00
committed by GitHub
parent 0f83586757 ec91865a7f
commit cd23341dab
694 changed files with 44812 additions and 8872 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
java/ql/integration-tests/java/buildless-erroneous/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-gradle-boms/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-gradle-classifiers/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-gradle-timeout/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "A Gradle process was aborted because it didn't write to the console for 5 seconds. Consider either lengthening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Gradle timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "note",

15
java/ql/integration-tests/java/buildless-gradle/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-inherit-trust-store/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-maven-executable-war/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-maven-existing-settings-xml/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

21
java/ql/integration-tests/java/buildless-maven-existing-settings-xml/maven-fetches.expected
View File

@@ -11,8 +11,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -31,12 +31,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -57,12 +57,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -70,6 +69,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

15
java/ql/integration-tests/java/buildless-maven-mirrorof/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

21
java/ql/integration-tests/java/buildless-maven-mirrorof/maven-fetches.expected
View File

@@ -8,8 +8,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -28,12 +28,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -54,12 +54,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -67,6 +66,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

15
java/ql/integration-tests/java/buildless-maven-multimodule/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

17
java/ql/integration-tests/java/buildless-maven-timeout/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "A Maven process was aborted because it didn't write to the console for 5 seconds. Consider either lenghtening the timeout if appropriate by setting CODEQL_EXTRACTOR_JAVA_BUILDLESS_CHILD_PROCESS_IDLE_TIMEOUT to a higher value or zero for no timeout, or else investigate why Maven timed out. Java analysis will continue, but the analysis may be of reduced quality.",
"severity": "note",
@@ -83,7 +98,7 @@
}
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-3:graph` failed. This means precise dependency information will be unavailable, and so dependencies will be guessed based on Java package names. Consider investigating why this plugin fails to run.",
"severity": "note",
"source": {
"extractorName": "java",

17
java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "At least one dependency JAR suggested by the build system could not be downloaded. This means the analysis will try to satisfy the dependency with its default choice for the required external package name, which may be the wrong version or the wrong package entirely. This may lead to partial analysis of code using this dependency. See the extraction log for full details. If the cause appears to be a temporary outage, consider retrying the analysis.",
"severity": "note",
@@ -97,7 +112,7 @@
}
}
{
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-2:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
"markdownMessage": "Running the Maven plugin `com.github.ferstl:depgraph-maven-plugin:4.0.3-CodeQL-3:graph` yielded an artifact transfer exception. This means some dependency information will be unavailable, and so some dependencies will be guessed based on Java package names. Consider investigating why this plugin encountered errors retrieving dependencies.",
"severity": "note",
"source": {
"extractorName": "java",

2
java/ql/integration-tests/java/buildless-maven-tolerate-unavailable-dependency/test.py
View File

@@ -1,4 +1,4 @@
def test(codeql, java):
def test(codeql, java, check_diagnostics_java):
codeql.database.create(
build_mode="none",
)

15
java/ql/integration-tests/java/buildless-maven/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

21
java/ql/integration-tests/java/buildless-maven/maven-fetches.expected
View File

@@ -11,8 +11,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-bom/2.18.6/jackson-bom-2.18.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/jackson/jackson-parent/2.18.4/jackson-parent-2.18.4.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/fasterxml/oss-parent/69/oss-parent-69.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-2/depgraph-maven-plugin-4.0.3-CodeQL-2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/github/ferstl/depgraph-maven-plugin/4.0.3-CodeQL-3/depgraph-maven-plugin-4.0.3-CodeQL-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/code/findbugs/jsr305/3.0.2/jsr305-3.0.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/com/google/errorprone/error_prone_annotations/2.36.0/error_prone_annotations-2.36.0.jar
@@ -31,12 +31,12 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/javax/annotation/javax.annotation-api/1.2/javax.annotation-api-1.2.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/net/java/jvnet-parent/3/jvnet-parent-3.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/19/apache-19.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/25/apache-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/27/apache-27.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.8.1/commons-lang3-3.8.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/47/commons-parent-47.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/apache/35/apache-35.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-lang3/3.18.0/commons-lang3-3.18.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/commons/commons-parent/85/commons-parent-85.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-artifact/3.8.6/maven-artifact-3.8.6.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/apache/maven/maven-model/3.8.6/maven-model-3.8.6.jar
@@ -57,12 +57,11 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-component-annotations/1.5.5/plexus-component-annotations-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-containers/1.5.5/plexus-containers-1.5.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.0.24/plexus-utils-3.0.24.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.3.1/plexus-utils-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus-utils/3.6.1/plexus-utils-3.6.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/2.0.7/plexus-2.0.7.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/25/plexus-25.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/3.3.1/plexus-3.3.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/4.0/plexus-4.0.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/codehaus/plexus/plexus/5.1/plexus-5.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.jar
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.inject/0.3.5/org.eclipse.sisu.inject-0.3.5.pom
@@ -70,6 +69,8 @@ Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferst
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/org.eclipse.sisu.plexus/0.3.5/org.eclipse.sisu.plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-inject/0.3.5/sisu-inject-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/eclipse/sisu/sisu-plexus/0.3.5/sisu-plexus-0.3.5.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.13.1/junit-bom-5.13.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.14.1/junit-bom-5.14.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/junit/junit-bom/5.9.1/junit-bom-5.9.1.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/forge/forge-parent/10/forge-parent-10.pom
Downloaded from codeql-depgraph-plugin-repo: file://[dist-root]/java/tools/ferstl-depgraph-dependencies/org/sonatype/oss/oss-parent/7/oss-parent-7.pom

15
java/ql/integration-tests/java/buildless-proxy-gradle/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Gradle to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-proxy-maven/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless-sibling-projects/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis dropped the following dependencies because a sibling project depends on a higher version:\n\n* `junit/junit-4.11`",
"severity": "unknown",

15
java/ql/integration-tests/java/buildless/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Because no usable build tool (Gradle, Maven, etc) was found, build scripts could not be queried for guidance about the appropriate JDK version for the code being extracted, or precise dependency information. The default JDK will be used, and external dependencies will be inferred from the Java package names used.",
"severity": "unknown",

18
java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/diagnostics.expected
View File

@@ -1,3 +1,21 @@
{
"attributes": {
"java_vendor": "__REDACTED__",
"java_version": "11.0.31"
},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
"severity": "warning",

3
java/ql/integration-tests/java/gradle-sample-without-wrapper-or-gradle-buildless/test.py
View File

@@ -4,7 +4,8 @@ import pathlib
# The version of gradle used doesn't work on java 17
def test(codeql, use_java_11, java, environment):
def test(codeql, use_java_11, java, environment, check_diagnostics):
check_diagnostics.redact += ["attributes.java_vendor"]
gradle_override_dir = pathlib.Path(tempfile.mkdtemp())
if runs_on.windows:
(gradle_override_dir / "gradle.bat").write_text("@echo off\nexit /b 2\n")

15
java/ql/integration-tests/java/maven-download-failure/diagnostics.expected
View File

@@ -1,3 +1,18 @@
{
"attributes": {},
"markdownMessage": "Internal telemetry for the Java extractor.\n\nNo action needed.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/extractor/summary",
"name": "Java extractor telemetry"
},
"visibility": {
"cliSummaryTable": false,
"statusPage": false,
"telemetry": true
}
}
{
"markdownMessage": "Java analysis used build tool Maven to pick a JDK version and/or to recommend external dependencies.",
"severity": "unknown",

2
java/ql/integration-tests/java/maven-download-failure/test.py
View File

@@ -2,7 +2,7 @@ import os
import os.path
import shutil
def test(codeql, java, check_diagnostics):
def test(codeql, java, check_diagnostics_java):
# Avoid shutil resolving mvn to the wrapper script in the test dir:
os.environ["NoDefaultCurrentDirectoryInExePath"] = "0"

14
java/ql/integration-tests/update-ferstl-depgraph-dependencies.sh
View File

@@ -35,7 +35,7 @@ JACKSON_VERSION="${1:-2.18.6}"
GUAVA_VERSION="${2:-33.4.0-jre}"
PLUGIN_UPSTREAM_VERSION="4.0.3"
PLUGIN_CODEQL_VERSION="${PLUGIN_UPSTREAM_VERSION}-CodeQL-2"
PLUGIN_CODEQL_VERSION="${PLUGIN_UPSTREAM_VERSION}-CodeQL-3"
UPSTREAM_TAG="depgraph-maven-plugin-${PLUGIN_UPSTREAM_VERSION}"
UPSTREAM_REPO="https://github.com/ferstl/depgraph-maven-plugin.git"
@@ -76,9 +76,19 @@ pom_path, old_version, new_version, new_guava, new_jackson = sys.argv[1:]
with open(pom_path) as f:
content = f.read()
# 1. Version suffix: 4.0.3 -> 4.0.3-CodeQL-2 (first occurrence only — the <version> element)
# 1. Version suffix: 4.0.3 -> 4.0.3-CodeQL-3 (first occurrence only — the <version> element)
content = content.replace(f'<version>{old_version}</version>', f'<version>{new_version}</version>', 1)
# 1b. Pin patched plexus-utils / commons-lang3 (transitive via maven-core) to
# clear CVEs in the vendored bundle. Inserted into <dependencyManagement>.
content = content.replace(
' <scope>import</scope>\n </dependency>\n </dependencies>\n </dependencyManagement>',
' <scope>import</scope>\n </dependency>\n'
' <dependency>\n <groupId>org.codehaus.plexus</groupId>\n <artifactId>plexus-utils</artifactId>\n <version>3.6.1</version>\n </dependency>\n'
' <dependency>\n <groupId>org.apache.commons</groupId>\n <artifactId>commons-lang3</artifactId>\n <version>3.18.0</version>\n </dependency>\n'
' </dependencies>\n </dependencyManagement>',
1)
# 2. Guava
content = content.replace('<version>31.1-jre</version>', f'<version>{new_guava}</version>')

2
java/ql/lib/semmle/code/java/ControlFlowGraph.qll
View File

@@ -61,6 +61,8 @@ private module Ast implements AstSig<Location> {
class Parameter extends AstNode {
Parameter() { none() }
AstNode getPattern() { none() }
Expr getDefaultValue() { none() }
}