mirror of
https://github.com/github/codeql.git
synced 2026-04-29 18:55:14 +02:00
Merge pull request #5976 from github/sauyon/java/spring-util
Model Spring `util`
This commit is contained in:
Chris Smowton
2
java/change-notes/2021-05-31-add-spring-stringutils.md
Normal file
2
java/change-notes/2021-05-31-add-spring-stringutils.md
Normal file
@@ -0,0 +1,2 @@
|
||||
lgtm,codescanning
|
||||
* Added additional taint steps modeling the Spring `util` package (`org.springframework.util`).
|
||||
@@ -85,6 +85,7 @@ private module Frameworks {
|
||||
private import semmle.code.java.frameworks.JaxWS
|
||||
private import semmle.code.java.frameworks.Optional
|
||||
private import semmle.code.java.frameworks.spring.SpringHttp
|
||||
private import semmle.code.java.frameworks.spring.SpringUtil
|
||||
private import semmle.code.java.frameworks.spring.SpringWebClient
|
||||
private import semmle.code.java.security.ResponseSplitting
|
||||
private import semmle.code.java.security.InformationLeak
|
||||
|
||||
@@ -32,6 +32,7 @@ import semmle.code.java.frameworks.spring.SpringQualifier
|
||||
import semmle.code.java.frameworks.spring.SpringRef
|
||||
import semmle.code.java.frameworks.spring.SpringReplacedMethod
|
||||
import semmle.code.java.frameworks.spring.SpringSet
|
||||
import semmle.code.java.frameworks.spring.SpringUtil
|
||||
import semmle.code.java.frameworks.spring.SpringValue
|
||||
import semmle.code.java.frameworks.spring.SpringXMLElement
|
||||
import semmle.code.java.frameworks.spring.metrics.MetricSpringBean
|
||||
|
||||
153
java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll
Normal file
153
java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll
Normal file
@@ -0,0 +1,153 @@
|
||||
/**
|
||||
* Provides models for the `org.springframework.util` package.
|
||||
*/
|
||||
|
||||
import java
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
|
||||
private class FlowSummaries extends SummaryModelCsv {
|
||||
override predicate row(string row) {
|
||||
row =
|
||||
[
|
||||
"org.springframework.util;AntPathMatcher;false;combine;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[1];MapValue of Argument[3];taint",
|
||||
"org.springframework.util;AntPathMatcher;false;extractPathWithinPattern;;;Argument[1];ReturnValue;taint",
|
||||
"org.springframework.util;AntPathMatcher;false;extractUriTemplateVariables;;;Argument[1];MapValue of ReturnValue;taint",
|
||||
"org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,java.lang.Class);;Element of Argument[0];Element of Argument[-1];value",
|
||||
"org.springframework.util;Base64Utils;false;decode;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;decodeFromString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;decodeFromUrlSafeString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;decodeUrlSafe;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;encode;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;encodeToString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;encodeToUrlSafeString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;Base64Utils;false;encodeUrlSafe;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;CollectionUtils;false;arrayToList;;;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;findFirstMatch;;;Element of Argument[0];ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;findValueOfType;;;Element of Argument[0];ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;firstElement;;;Element of Argument[0];ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;lastElement;;;Element of Argument[0];ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;mergeArrayIntoCollection;;;ArrayElement of Argument[0];Element of Argument[1];value",
|
||||
"org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;MapKey of Argument[0];MapKey of Argument[1];value",
|
||||
"org.springframework.util;CollectionUtils;false;mergePropertiesIntoMap;;;MapValue of Argument[0];MapValue of Argument[1];value",
|
||||
"org.springframework.util;CollectionUtils;false;toArray;;;Element of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;toIterator;;;Element of Argument[0];Element of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;toMultiValueMap;;;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;toMultiValueMap;;;Element of MapValue of Argument[0];Element of MapValue of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;CollectionUtils;false;unmodifiableMultiValueMap;;;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||
"org.springframework.util;CompositeIterator;false;add;;;Element of Argument[0];Element of Argument[-1];value",
|
||||
"org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;ConcurrentReferenceHashMap;false;getReference;;;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||
"org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;ConcurrentReferenceHashMap;false;getSegment;;;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||
"org.springframework.util;FastByteArrayOutputStream;false;getInputStream;;;Argument[-1];ReturnValue;taint",
|
||||
"org.springframework.util;FastByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint",
|
||||
"org.springframework.util;FastByteArrayOutputStream;false;write;;;Argument[0];Argument[-1];taint",
|
||||
"org.springframework.util;FastByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint",
|
||||
"org.springframework.util;FileCopyUtils;false;copy;;;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;FileCopyUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;FileCopyUtils;false;copyToString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;FileSystemUtils;false;copyRecursively;(java.io.File,java.io.File);;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;LinkedMultiValueMap;false;LinkedMultiValueMap;(java.util.Map);;Element of MapValue of Argument[0];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;LinkedMultiValueMap;false;deepCopy;;;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||
"org.springframework.util;MultiValueMap;true;add;;;Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;add;;;Argument[1];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addAll;(java.lang.Object,java.util.List);;Element of Argument[1];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addAll;(org.springframework.util.MultiValueMap);;Element of MapValue of Argument[0];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;addIfAbsent;;;Argument[1];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;getFirst;;;Element of MapValue of Argument[-1];ReturnValue;value",
|
||||
"org.springframework.util;MultiValueMap;true;set;;;Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;set;;;Argument[1];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;setAll;;;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;setAll;;;MapValue of Argument[0];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMap;true;toSingleValueMap;;;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||
"org.springframework.util;MultiValueMap;true;toSingleValueMap;;;Element of MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||
"org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||
"org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Element of MapValue of Argument[0];Element of MapValue of Argument[-1];value",
|
||||
"org.springframework.util;ObjectUtils;false;addObjectToArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[1];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;ObjectUtils;false;toObjectArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;ObjectUtils;false;unwrapOptional;;;Element of Argument[0];ReturnValue;value",
|
||||
"org.springframework.util;PropertiesPersister;true;load;;;Argument[1];Argument[0];taint",
|
||||
"org.springframework.util;PropertiesPersister;true;loadFromXml;;;Argument[1];Argument[0];taint",
|
||||
"org.springframework.util;PropertiesPersister;true;store;;;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;PropertiesPersister;true;store;;;Argument[2];Argument[1];taint",
|
||||
"org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;PropertiesPersister;true;storeToXml;;;Argument[2];Argument[1];taint",
|
||||
"org.springframework.util;PropertyPlaceholderHelper;false;PropertyPlaceholderHelper;;;Argument[0..1];Argument[-1];taint",
|
||||
"org.springframework.util;PropertyPlaceholderHelper;false;parseStringValue;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;PropertyPlaceholderHelper;false;replacePlaceholders;(java.lang.String,java.util.Properties);;MapValue of Argument[1];ReturnValue;taint",
|
||||
"org.springframework.util;ResourceUtils;false;extractArchiveURL;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;ResourceUtils;false;extractJarFileURL;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;ResourceUtils;false;getFile;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;ResourceUtils;false;getURL;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;ResourceUtils;false;toURI;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;RouteMatcher;true;combine;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[0];MapKey of ReturnValue;taint",
|
||||
"org.springframework.util;RouteMatcher;true;matchAndExtract;;;Argument[1];MapValue of ReturnValue;taint",
|
||||
"org.springframework.util;RouteMatcher;true;parseRoute;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;SerializationUtils;false;deserialize;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;SerializationUtils;false;serialize;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StreamUtils;false;copy;(byte[],java.io.OutputStream);;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;StreamUtils;false;copy;(java.io.InputStream,java.io.OutputStream);;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;StreamUtils;false;copy;(java.lang.String,java.nio.charset.Charset,java.io.OutputStream);;Argument[0];Argument[2];taint",
|
||||
"org.springframework.util;StreamUtils;false;copyRange;;;Argument[0];Argument[1];taint",
|
||||
"org.springframework.util;StreamUtils;false;copyToByteArray;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StreamUtils;false;copyToString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;addStringToArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;addStringToArray;;;Argument[1];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;applyRelativePath;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;arrayToCommaDelimitedString;;;ArrayElement of Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;arrayToDelimitedString;;;ArrayElement of Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[1];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;cleanPath;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;collectionToCommaDelimitedString;;;Element of Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Element of Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[1..3];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;commaDelimitedListToSet;;;Argument[0];Element of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;commaDelimitedListToStringArray;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;concatenateStringArrays;;;ArrayElement of Argument[0..1];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;delete;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;deleteAny;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;delimitedListToStringArray;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;getFilename;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;getFilenameExtension;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;mergeStringArrays;;;ArrayElement of Argument[0..1];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;quote;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;quoteIfString;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;removeDuplicateStrings;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;replace;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;replace;;;Argument[2];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;sortStringArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;split;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;ArrayElement of Argument[0];MapKey of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;ArrayElement of Argument[0];MapValue of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;stripFilenameExtension;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;tokenizeToStringArray;;;Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;toStringArray;;;Element of Argument[0];ArrayElement of ReturnValue;value",
|
||||
"org.springframework.util;StringUtils;false;trimAllWhitespace;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimArrayElements;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimLeadingCharacter;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimLeadingWhitespace;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimTrailingCharacter;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimTrailingWhitespace;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;trimWhitespace;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;unqualify;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringUtils;false;uriDecode;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;StringValueResolver;false;resolveStringValue;;;Argument[0];ReturnValue;taint",
|
||||
"org.springframework.util;SystemPropertyUtils;false;resolvePlaceholders;;;Argument[0];ReturnValue;taint"
|
||||
]
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../../stubs/spring-ldap-2.3.2
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../../stubs/spring-ldap-2.3.2
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/Saxon-HE-9.9.1-7
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/Saxon-HE-9.9.1-7
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell
|
||||
|
||||
@@ -1 +1 @@
|
||||
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jsr311-api-1.1.1:${testdir}/../../../../stubs/springframework-5.2.3
|
||||
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jsr311-api-1.1.1:${testdir}/../../../../stubs/springframework-5.3.8
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.2.3/:${testdir}/../../../../stubs/apache-commons-lang3-3.7/
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8/:${testdir}/../../../../stubs/apache-commons-lang3-3.7/
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../stubs/springframework-5.2.3/
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/fastjson-1.2.74/:${testdir}/../../../../stubs/gson-2.8.6/:${testdir}/../../../../stubs/jackson-databind-2.10/:${testdir}/../../../../stubs/springframework-5.3.8/
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.2.3/
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/springframework-5.3.8/
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/saxon-xqj-9.x/:${testdir}/../../../../stubs/springframework-5.2.3/
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/apache-http-4.4.13/:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/saxon-xqj-9.x/:${testdir}/../../../../stubs/springframework-5.3.8/
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/ognl-3.2.14:${testdir}/../../../stubs/struts2-core-2.5.22
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.10:${testdir}/../../../stubs/akka-2.6.x
|
||||
|
||||
1438
java/ql/test/library-tests/frameworks/spring/util/Test.java
Normal file
1438
java/ql/test/library-tests/frameworks/spring/util/Test.java
Normal file
File diff suppressed because it is too large
Load Diff
@@ -0,0 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8
|
||||
52
java/ql/test/library-tests/frameworks/spring/util/test.ql
Normal file
52
java/ql/test/library-tests/frameworks/spring/util/test.ql
Normal file
@@ -0,0 +1,52 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.DataFlow
|
||||
import semmle.code.java.dataflow.TaintTracking
|
||||
import TestUtilities.InlineExpectationsTest
|
||||
|
||||
class ValueFlowConf extends DataFlow::Configuration {
|
||||
ValueFlowConf() { this = "qltest:valueFlowConf" }
|
||||
|
||||
override predicate isSource(DataFlow::Node n) {
|
||||
n.asExpr().(MethodAccess).getMethod().hasName("source")
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node n) {
|
||||
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
|
||||
}
|
||||
}
|
||||
|
||||
class TaintFlowConf extends TaintTracking::Configuration {
|
||||
TaintFlowConf() { this = "qltest:taintFlowConf" }
|
||||
|
||||
override predicate isSource(DataFlow::Node n) {
|
||||
n.asExpr().(MethodAccess).getMethod().hasName("source")
|
||||
}
|
||||
|
||||
override predicate isSink(DataFlow::Node n) {
|
||||
n.asExpr().(Argument).getCall().getCallee().hasName("sink")
|
||||
}
|
||||
}
|
||||
|
||||
class HasFlowTest extends InlineExpectationsTest {
|
||||
HasFlowTest() { this = "HasFlowTest" }
|
||||
|
||||
override string getARelevantTag() { result = ["hasValueFlow", "hasTaintFlow"] }
|
||||
|
||||
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||
tag = "hasValueFlow" and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink, ValueFlowConf conf | conf.hasFlow(src, sink) |
|
||||
sink.getLocation() = location and
|
||||
element = sink.toString() and
|
||||
value = ""
|
||||
)
|
||||
or
|
||||
tag = "hasTaintFlow" and
|
||||
exists(DataFlow::Node src, DataFlow::Node sink, TaintFlowConf conf |
|
||||
conf.hasFlow(src, sink) and not any(ValueFlowConf c).hasFlow(src, sink)
|
||||
|
|
||||
sink.getLocation() = location and
|
||||
element = sink.toString() and
|
||||
value = ""
|
||||
)
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/snakeyaml-1.21:${testdir}/../../../stubs/xstream-1.4.10:${testdir}/../../../stubs/kryo-4.0.2:${testdir}/../../../stubs/jsr311-api-1.1.1:${testdir}/../../../stubs/fastjson-1.2.74:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/jyaml-1.3:${testdir}/../../../stubs/json-io-4.10.0:${testdir}/../../../stubs/yamlbeans-1.09:${testdir}/../../../stubs/hessian-4.0.38:${testdir}/../../../stubs/castor-1.4.1
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/
|
||||
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/servlet-api-2.4/
|
||||
|
||||
@@ -1,96 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2019 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* https://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.springframework.util;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
|
||||
import org.springframework.lang.Nullable;
|
||||
|
||||
/**
|
||||
* Extension of the {@code Map} interface that stores multiple values.
|
||||
*
|
||||
* @author Arjen Poutsma
|
||||
* @since 3.0
|
||||
* @param <K> the key type
|
||||
* @param <V> the value element type
|
||||
*/
|
||||
public interface MultiValueMap<K, V> extends Map<K, List<V>> {
|
||||
|
||||
/**
|
||||
* Return the first value for the given key.
|
||||
* @param key the key
|
||||
* @return the first value for the specified key, or {@code null} if none
|
||||
*/
|
||||
@Nullable
|
||||
V getFirst(K key);
|
||||
|
||||
/**
|
||||
* Add the given single value to the current list of values for the given key.
|
||||
* @param key the key
|
||||
* @param value the value to be added
|
||||
*/
|
||||
void add(K key, @Nullable V value);
|
||||
|
||||
/**
|
||||
* Add all the values of the given list to the current list of values for the given key.
|
||||
* @param key they key
|
||||
* @param values the values to be added
|
||||
* @since 5.0
|
||||
*/
|
||||
void addAll(K key, List<? extends V> values);
|
||||
|
||||
/**
|
||||
* Add all the values of the given {@code MultiValueMap} to the current values.
|
||||
* @param values the values to be added
|
||||
* @since 5.0
|
||||
*/
|
||||
void addAll(MultiValueMap<K, V> values);
|
||||
|
||||
/**
|
||||
* {@link #add(Object, Object) Add} the given value, only when the map does not
|
||||
* {@link #containsKey(Object) contain} the given key.
|
||||
* @param key the key
|
||||
* @param value the value to be added
|
||||
* @since 5.2
|
||||
*/
|
||||
default void addIfAbsent(K key, @Nullable V value) {
|
||||
if (!containsKey(key)) {
|
||||
add(key, value);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Set the given single value under the given key.
|
||||
* @param key the key
|
||||
* @param value the value to set
|
||||
*/
|
||||
void set(K key, @Nullable V value);
|
||||
|
||||
/**
|
||||
* Set the given values under.
|
||||
* @param values the values.
|
||||
*/
|
||||
void setAll(Map<K, V> values);
|
||||
|
||||
/**
|
||||
* Return a {@code Map} with the first values contained in this {@code MultiValueMap}.
|
||||
* @return a single value representation of this map
|
||||
*/
|
||||
Map<K, V> toSingleValueMap();
|
||||
|
||||
}
|
||||
@@ -0,0 +1,37 @@
|
||||
// Generated automatically from org.springframework.util.AntPathMatcher for testing purposes
|
||||
|
||||
package org.springframework.util;
|
||||
|
||||
import java.util.Comparator;
|
||||
import java.util.Map;
|
||||
import org.springframework.util.PathMatcher;
|
||||
|
||||
public class AntPathMatcher implements PathMatcher
|
||||
{
|
||||
final Map<String, AntPathMatcher.AntPathStringMatcher> stringMatcherCache = null;
|
||||
protected AntPathMatcher.AntPathStringMatcher getStringMatcher(String p0){ return null; }
|
||||
protected String[] tokenizePath(String p0){ return null; }
|
||||
protected String[] tokenizePattern(String p0){ return null; }
|
||||
protected boolean doMatch(String p0, String p1, boolean p2, Map<String, String> p3){ return false; }
|
||||
public AntPathMatcher(){}
|
||||
public AntPathMatcher(String p0){}
|
||||
public Comparator<String> getPatternComparator(String p0){ return null; }
|
||||
public Map<String, String> extractUriTemplateVariables(String p0, String p1){ return null; }
|
||||
public String combine(String p0, String p1){ return null; }
|
||||
public String extractPathWithinPattern(String p0, String p1){ return null; }
|
||||
public boolean isPattern(String p0){ return false; }
|
||||
public boolean match(String p0, String p1){ return false; }
|
||||
public boolean matchStart(String p0, String p1){ return false; }
|
||||
public static String DEFAULT_PATH_SEPARATOR = null;
|
||||
public void setCachePatterns(boolean p0){}
|
||||
public void setCaseSensitive(boolean p0){}
|
||||
public void setPathSeparator(String p0){}
|
||||
public void setTrimTokens(boolean p0){}
|
||||
static class AntPathStringMatcher
|
||||
{
|
||||
protected AntPathStringMatcher() {}
|
||||
public AntPathStringMatcher(String p0){}
|
||||
public AntPathStringMatcher(String p0, boolean p1){}
|
||||
public boolean matchStrings(String p0, Map<String, String> p1){ return false; }
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,53 @@
|
||||
// Generated automatically from org.springframework.util.AutoPopulatingList for testing purposes
|
||||
|
||||
package org.springframework.util;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.util.Collection;
|
||||
import java.util.Iterator;
|
||||
import java.util.List;
|
||||
import java.util.ListIterator;
|
||||
|
||||
public class AutoPopulatingList<E> implements List<E>, Serializable
|
||||
{
|
||||
protected AutoPopulatingList() {}
|
||||
public <T> T[] toArray(T[] p0){ return null; }
|
||||
public AutoPopulatingList(AutoPopulatingList.ElementFactory<E> p0){}
|
||||
public AutoPopulatingList(Class<? extends E> p0){}
|
||||
public AutoPopulatingList(List<E> p0, AutoPopulatingList.ElementFactory<E> p1){}
|
||||
public AutoPopulatingList(List<E> p0, Class<? extends E> p1){}
|
||||
public E get(int p0){ return null; }
|
||||
public E remove(int p0){ return null; }
|
||||
public E set(int p0, E p1){ return null; }
|
||||
public Iterator<E> iterator(){ return null; }
|
||||
public List<E> subList(int p0, int p1){ return null; }
|
||||
public ListIterator<E> listIterator(){ return null; }
|
||||
public ListIterator<E> listIterator(int p0){ return null; }
|
||||
public Object[] toArray(){ return null; }
|
||||
public boolean add(E p0){ return false; }
|
||||
public boolean addAll(Collection<? extends E> p0){ return false; }
|
||||
public boolean addAll(int p0, Collection<? extends E> p1){ return false; }
|
||||
public boolean contains(Object p0){ return false; }
|
||||
public boolean containsAll(Collection<? extends Object> p0){ return false; }
|
||||
public boolean equals(Object p0){ return false; }
|
||||
public boolean isEmpty(){ return false; }
|
||||
public boolean remove(Object p0){ return false; }
|
||||
public boolean removeAll(Collection<? extends Object> p0){ return false; }
|
||||
public boolean retainAll(Collection<? extends Object> p0){ return false; }
|
||||
public int hashCode(){ return 0; }
|
||||
public int indexOf(Object p0){ return 0; }
|
||||
public int lastIndexOf(Object p0){ return 0; }
|
||||
public int size(){ return 0; }
|
||||
public void add(int p0, E p1){}
|
||||
public void clear(){}
|
||||
static public class ElementInstantiationException extends RuntimeException
|
||||
{
|
||||
protected ElementInstantiationException() {}
|
||||
public ElementInstantiationException(String p0){}
|
||||
public ElementInstantiationException(String p0, Throwable p1){}
|
||||
}
|
||||
static public interface ElementFactory<E>
|
||||
{
|
||||
E createElement(int p0);
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,17 @@
|
||||
// Generated automatically from org.springframework.util.Base64Utils for testing purposes
|
||||
|
||||
package org.springframework.util;
|
||||
|
||||
|
||||
abstract public class Base64Utils
|
||||
{
|
||||
public Base64Utils(){}
|
||||
public static String encodeToString(byte[] p0){ return null; }
|
||||
public static String encodeToUrlSafeString(byte[] p0){ return null; }
|
||||
public static byte[] decode(byte[] p0){ return null; }
|
||||
public static byte[] decodeFromString(String p0){ return null; }
|
||||
public static byte[] decodeFromUrlSafeString(String p0){ return null; }
|
||||
public static byte[] decodeUrlSafe(byte[] p0){ return null; }
|
||||
public static byte[] encode(byte[] p0){ return null; }
|
||||
public static byte[] encodeUrlSafe(byte[] p0){ return null; }
|
||||
}
|
||||
Some files were not shown because too many files have changed in this diff Show More
Reference in New Issue
Block a user