Move files from experimental

java/ql/lib/semmle/code/java/frameworks/FreeMarker.qll

@@ -0,0 +1,29 @@
+/** Definitions related to the FreeMarker Templating library. */
+
+import java
+
+/** The `Template` class of the FreeMarker Template Engine */
+class TypeFreeMarkerTemplate extends Class {
+  TypeFreeMarkerTemplate() { this.hasQualifiedName("freemarker.template", "Template") }
+}
+
+/** The `process` method of the FreeMarker Template Engine's `Template` class */
+class MethodFreeMarkerTemplateProcess extends Method {
+  MethodFreeMarkerTemplateProcess() {
+    this.getDeclaringType() instanceof TypeFreeMarkerTemplate and
+    this.hasName("process")
+  }
+}
+
+/** The `StringTemplateLoader` class of the FreeMarker Template Engine */
+class TypeFreeMarkerStringLoader extends Class {
+  TypeFreeMarkerStringLoader() { this.hasQualifiedName("freemarker.cache", "StringTemplateLoader") }
+}
+
+/** The `process` method of the FreeMarker Template Engine's `StringTemplateLoader` class */
+class MethodFreeMarkerStringTemplateLoaderPutTemplate extends Method {
+  MethodFreeMarkerStringTemplateLoaderPutTemplate() {
+    this.getDeclaringType() instanceof TypeFreeMarkerStringLoader and
+    this.hasName("putTemplate")
+  }
+}

java/ql/lib/semmle/code/java/frameworks/JinJava.qll

@@ -0,0 +1,24 @@
+/** Definitions related to the Jinjava Templating library. */
+
+import java
+
+/** The `Jinjava` class of the Jinjava Templating Engine. */
+class TypeJinjava extends Class {
+  TypeJinjava() { this.hasQualifiedName("com.hubspot.jinjava", "Jinjava") }
+}
+
+/** The `render` method of the Jinjava Templating Engine. */
+class MethodJinjavaRender extends Method {
+  MethodJinjavaRender() {
+    this.getDeclaringType() instanceof TypeJinjava and
+    this.hasName("render")
+  }
+}
+
+/** The `render` method of the Jinjava Templating Engine. */
+class MethodJinjavaRenderForResult extends Method {
+  MethodJinjavaRenderForResult() {
+    this.getDeclaringType() instanceof TypeJinjava and
+    this.hasName("renderForResult")
+  }
+}

java/ql/lib/semmle/code/java/frameworks/Pebble.qll

@@ -0,0 +1,16 @@
+/** Definitions related to the Pebble Templating library. */
+
+import java
+
+/** The `PebbleEngine` class of the Pebble Templating Engine. */
+class TypePebbleEngine extends Class {
+  TypePebbleEngine() { this.hasQualifiedName("com.mitchellbosecke.pebble", "PebbleEngine") }
+}
+
+/** The `getTemplate` method of the Pebble Templating Engine. */
+class MethodPebbleGetTemplate extends Method {
+  MethodPebbleGetTemplate() {
+    this.getDeclaringType() instanceof TypePebbleEngine and
+    this.hasName(["getTemplate", "getLiteralTemplate"])
+  }
+}

java/ql/lib/semmle/code/java/frameworks/Thymeleaf.qll

@@ -0,0 +1,25 @@
+/** Definitions related to the Thymeleaf Templating library. */
+
+import java
+
+/**
+ * A class implementing the `ITemplateEngine` interface of the Thymeleaf
+ * Templating Engine such as the `TemplateEngine` class.
+ */
+class TypeThymeleafTemplateEngine extends Class {
+  TypeThymeleafTemplateEngine() {
+    this.hasQualifiedName("org.thymeleaf", "TemplateEngine")
+    or
+    exists(Type t | this.getASupertype*().extendsOrImplements(t) |
+      t.hasName("org.thymeleaf.ITemplateEngine")
+    )
+  }
+}
+
+/** The `process` or `processThrottled` method of the Thymeleaf Templating Engine. */
+class MethodThymeleafProcess extends Method {
+  MethodThymeleafProcess() {
+    this.getDeclaringType() instanceof TypeThymeleafTemplateEngine and
+    this.hasName(["process", "processThrottled"])
+  }
+}

java/ql/lib/semmle/code/java/frameworks/Velocity.qll

@@ -0,0 +1,119 @@
+/** Definitions related to the Apache Velocity Templating library. */
+
+import java
+
+/** The `org.apache.velocity.context.AbstractContext` class of the Velocity Templating Engine. */
+class TypeVelocityAbstractContext extends Class {
+  TypeVelocityAbstractContext() {
+    this.hasQualifiedName("org.apache.velocity.context", "AbstractContext")
+  }
+}
+
+/** The `org.apache.velocity.runtime.RuntimeServices` class of the Velocity Templating Engine. */
+class TypeVelocityRuntimeRuntimeServices extends Class {
+  TypeVelocityRuntimeRuntimeServices() {
+    this.hasQualifiedName("org.apache.velocity.runtime", "RuntimeServices")
+  }
+}
+
+/** The `org.apache.velocity.Template` class of the Velocity Templating Engine. */
+class TypeVelocityTemplate extends Class {
+  TypeVelocityTemplate() { this.hasQualifiedName("org.apache.velocity", "Template") }
+}
+
+/** The `org.apache.velocity.runtime.RuntimeSingleton` classTemplating Engine. */
+class TypeVelocityRuntimeRuntimeSingleton extends Class {
+  TypeVelocityRuntimeRuntimeSingleton() {
+    this.hasQualifiedName("org.apache.velocity.runtime", "RuntimeSingleton")
+  }
+}
+
+/** The `org.apache.velocity.VelocityEngine` class of the Velocity Templating Engine. */
+class TypeVelocityVelocityEngine extends Class {
+  TypeVelocityVelocityEngine() { this.hasQualifiedName("org.apache.velocity", "VelocityEngine") }
+}
+
+/** The `org.apache.velocity.app.VelocityEngine` class of the Velocity Templating Engine. */
+class TypeVelocityAppVelocityEngine extends RefType {
+  TypeVelocityAppVelocityEngine() {
+    this.hasQualifiedName("org.apache.velocity.app", "VelocityEngine")
+  }
+}
+
+/** The `org.apache.velocity.app.Velocity` class of the Velocity Templating Engine. */
+class TypeVelocityAppVelocity extends RefType {
+  TypeVelocityAppVelocity() { this.hasQualifiedName("org.apache.velocity.app", "Velocity") }
+}
+
+/**
+ * The `org.apache.velocity.runtime.resource.util.StringResourceRepository` interface
+ * of the Velocity Templating Engine.
+ */
+class TypeVelocityStringResourceRepo extends RefType {
+  TypeVelocityStringResourceRepo() {
+    this.hasQualifiedName("org.apache.velocity.runtime.resource.util", "StringResourceRepository")
+  }
+}
+
+/** The `internalPut` and `put` methods of the Velocity Templating Engine. */
+class MethodVelocityContextPut extends Method {
+  MethodVelocityContextPut() {
+    this.getDeclaringType().getASupertype*() instanceof TypeVelocityAbstractContext and
+    this.hasName(["put", "internalPut"])
+  }
+}
+
+/** The `evaluate` method of the Velocity Templating Engine. */
+class MethodVelocityEvaluate extends Method {
+  MethodVelocityEvaluate() {
+    // static boolean evaluate(Context context, Writer out, String logTag, String instring)
+    // static boolean evaluate(Context context, Writer writer, String logTag, Reader reader)
+    (
+      this.getDeclaringType() instanceof TypeVelocityAppVelocity or
+      this.getDeclaringType() instanceof TypeVelocityAppVelocityEngine or
+      this.getDeclaringType().getASupertype*() instanceof TypeVelocityRuntimeRuntimeServices
+    ) and
+    this.hasName("evaluate")
+  }
+}
+
+/** The `mergeTemplate` method of the Velocity Templating Engine. */
+class MethodVelocityMergeTemplate extends Method {
+  MethodVelocityMergeTemplate() {
+    // static boolean	mergeTemplate(String templateName, String encoding, Context context, Writer writer)
+    (
+      this.getDeclaringType() instanceof TypeVelocityAppVelocity or
+      this.getDeclaringType() instanceof TypeVelocityAppVelocityEngine
+    ) and
+    this.hasName("mergeTemplate")
+  }
+}
+
+/** The `merge` method of the Velocity Templating Engine. */
+class MethodVelocityMerge extends Method {
+  MethodVelocityMerge() {
+    // void merge(Context context, Writer writer)
+    // void merge(Context context, Writer writer, List<String> macroLibraries)
+    this.getDeclaringType() instanceof TypeVelocityTemplate and
+    this.hasName("merge")
+  }
+}
+
+/** The `parse` method of the Velocity Templating Engine. */
+class MethodVelocityParse extends Method {
+  MethodVelocityParse() {
+    (
+      this.getDeclaringType().getASupertype*() instanceof TypeVelocityRuntimeRuntimeSingleton or
+      this.getDeclaringType().getASupertype*() instanceof TypeVelocityRuntimeRuntimeServices
+    ) and
+    this.hasName("parse")
+  }
+}
+
+/** The `putStringResource` method of the Velocity Templating Engine. */
+class MethodVelocityPutStringResource extends Method {
+  MethodVelocityPutStringResource() {
+    this.getDeclaringType().getASupertype*() instanceof TypeVelocityStringResourceRepo and
+    this.hasName("putStringResource")
+  }
+}