hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #6062 from atorralba/atorralba/promote-groovy-injection

Browse Source 
Java: Promote Groovy Code Injection from experimental
This commit is contained in:
Anders Schack-Mulligen
2021-08-03 14:19:15 +02:00
committed by GitHub
parent 43044cd475 c44de87503
commit fb9feabe64
45 changed files with 1715 additions and 521 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/change-notes/2021-06-14-groovy-code-injection-query.md Normal file
View File

@@ -0,0 +1,2 @@
lgtm,codescanning
* The query "Groovy Language injection" (`java/groovy-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @p0wn4j](https://github.com/github/codeql/pull/5467).

4
java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjection.qhelp → java/ql/src/Security/CWE/CWE-094/GroovyInjection.qhelp
View File

@@ -28,9 +28,9 @@ This is typically done when using Groovy for its scripting or domain specific la
The fundamental problem is that Groovy is a dynamic language, yet <code>SecureASTCustomizer</code> works by looking at Groovy AST statically.
This makes it very easy for an attacker to bypass many of the intended checks
(see https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/).
(see [Groovy SecureASTCustomizer is harmful](https://kohsuke.org/2012/04/27/groovy-secureastcustomizer-is-harmful/)).
Therefore, besides <code>SecureASTCustomizer</code>, runtime checks are also necessary before calling Groovy methods
(see https://melix.github.io/blog/2015/03/sandboxing.html).
(see [Improved sandboxing of Groovy scripts](https://melix.github.io/blog/2015/03/sandboxing.html)).
It is also possible to use a block-list method, excluding unwanted classes from being loaded by the JVM.
This method is not always recommended, because block-lists can be bypassed by unexpected values.

2
java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjection.ql → java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
View File

@@ -11,8 +11,8 @@
*/
import java
import semmle.code.java.security.GroovyInjectionQuery
import DataFlow::PathGraph
import GroovyInjectionLib
from DataFlow::PathNode source, DataFlow::PathNode sink, GroovyInjectionConfig conf
where conf.hasFlowPath(source, sink)

0
java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjectionBad.java → java/ql/src/Security/CWE/CWE-094/GroovyInjectionBad.java
View File

0
java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjectionBlocklist.java → java/ql/src/Security/CWE/CWE-094/GroovyInjectionBlocklist.java
View File

160
java/ql/src/experimental/Security/CWE/CWE-094/GroovyInjectionLib.qll
View File

@@ -1,160 +0,0 @@
/**
* Provides classes and predicates for Groovy Code Injection
* taint-tracking configuration.
*/
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
/** A data flow sink for Groovy expression injection vulnerabilities. */
abstract private class GroovyInjectionSink extends DataFlow::ExprNode { }
/**
* A taint-tracking configuration for unsafe user input
* that is used to evaluate a Groovy expression.
*/
class GroovyInjectionConfig extends TaintTracking::Configuration {
GroovyInjectionConfig() { this = "GroovyInjectionConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink }
override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
groovyCodeSourceTaintStep(fromNode, toNode)
}
}
/** The class `groovy.lang.GroovyShell`. */
private class TypeGroovyShell extends RefType {
TypeGroovyShell() { this.hasQualifiedName("groovy.lang", "GroovyShell") }
}
/** The class `groovy.lang.GroovyCodeSource`. */
private class TypeGroovyCodeSource extends RefType {
TypeGroovyCodeSource() { this.hasQualifiedName("groovy.lang", "GroovyCodeSource") }
}
/**
* Methods in the `GroovyShell` class that evaluate a Groovy expression.
*/
private class GroovyShellMethod extends Method {
GroovyShellMethod() {
this.getDeclaringType() instanceof TypeGroovyShell and
this.getName() in ["evaluate", "parse", "run"]
}
}
private class GroovyShellMethodAccess extends MethodAccess {
GroovyShellMethodAccess() { this.getMethod() instanceof GroovyShellMethod }
}
/**
* Holds if `fromNode` to `toNode` is a dataflow step from a tainted string to
* a `GroovyCodeSource` instance, i.e. `new GroovyCodeSource(tainted, ...)`.
*/
private predicate groovyCodeSourceTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(ConstructorCall gcscc |
gcscc.getConstructedType() instanceof TypeGroovyCodeSource and
gcscc = toNode.asExpr() and
gcscc.getArgument(0) = fromNode.asExpr()
)
}
/**
* A sink for Groovy Injection via the `GroovyShell` class.
*
* ```
* GroovyShell gs = new GroovyShell();
* gs.evaluate(sink, ....)
* gs.run(sink, ....)
* gs.parse(sink,...)
* ```
*/
private class GroovyShellSink extends GroovyInjectionSink {
GroovyShellSink() {
exists(GroovyShellMethodAccess ma, Argument firstArg |
ma.getArgument(0) = firstArg and
firstArg = this.asExpr() and
(
firstArg.getType() instanceof TypeString or
firstArg.getType() instanceof TypeGroovyCodeSource
)
)
}
}
/** The class `groovy.util.Eval`. */
private class TypeEval extends RefType {
TypeEval() { this.hasQualifiedName("groovy.util", "Eval") }
}
/**
* Methods in the `Eval` class that evaluate a Groovy expression.
*/
private class EvalMethod extends Method {
EvalMethod() {
this.getDeclaringType() instanceof TypeEval and
this.getName() in ["me", "x", "xy", "xyz"]
}
}
private class EvalMethodAccess extends MethodAccess {
EvalMethodAccess() { this.getMethod() instanceof EvalMethod }
Expr getArgumentExpr() { result = this.getArgument(this.getNumArgument() - 1) }
}
/**
* A sink for Groovy Injection via the `Eval` class.
*
* ```
* Eval.me(sink)
* Eval.me("p1", "p2", sink)
* Eval.x("p1", sink)
* Eval.xy("p1", "p2" sink)
* Eval.xyz("p1", "p2", "p3", sink)
* ```
*/
private class EvalSink extends GroovyInjectionSink {
EvalSink() { exists(EvalMethodAccess ma | ma.getArgumentExpr() = this.asExpr()) }
}
/** The class `groovy.lang.GroovyClassLoader`. */
private class TypeGroovyClassLoader extends RefType {
TypeGroovyClassLoader() { this.hasQualifiedName("groovy.lang", "GroovyClassLoader") }
}
/**
* A method in the `GroovyClassLoader` class that evaluates a Groovy expression.
*/
private class GroovyClassLoaderParseClassMethod extends Method {
GroovyClassLoaderParseClassMethod() {
this.getDeclaringType() instanceof TypeGroovyClassLoader and
this.hasName("parseClass")
}
}
private class GroovyClassLoaderParseClassMethodAccess extends MethodAccess {
GroovyClassLoaderParseClassMethodAccess() {
this.getMethod() instanceof GroovyClassLoaderParseClassMethod
}
}
/**
* A sink for Groovy Injection via the `GroovyClassLoader` class.
*
* ```
* GroovyClassLoader classLoader = new GroovyClassLoader();
* Class groovy = classLoader.parseClass(script);
* ```
*
* Groovy supports compile-time metaprogramming, so just calling the `parseClass`
* method is enough to achieve RCE.
*/
private class GroovyClassLoadParseClassSink extends GroovyInjectionSink {
GroovyClassLoadParseClassSink() {
exists(GroovyClassLoaderParseClassMethodAccess ma | ma.getArgument(0) = this.asExpr())
}
}

2
java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
View File

@@ -97,6 +97,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.spring.SpringWebMultipart
private import semmle.code.java.security.ResponseSplitting
private import semmle.code.java.security.InformationLeak
private import semmle.code.java.security.GroovyInjection
private import semmle.code.java.security.JexlInjectionSinkModels
private import semmle.code.java.security.LdapInjection
private import semmle.code.java.security.MvelInjection
@@ -329,6 +330,7 @@ private predicate summaryModelCsv(string row) {
"java.io;File;false;File;;;Argument[0];Argument[-1];taint",
"java.io;File;false;File;;;Argument[1];Argument[-1];taint",
"java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint",
"java.net;URL;false;URL;(String);;Argument[0];Argument[-1];taint",
"javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint",
"javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];Argument[-1];taint",
"javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];Argument[-1];taint",

169
java/ql/src/semmle/code/java/security/GroovyInjection.qll Normal file
View File

@@ -0,0 +1,169 @@
/** Provides classes to reason about Groovy code injection attacks. */
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.ExternalFlow
private import semmle.code.java.frameworks.Networking
/** A data flow sink for Groovy expression injection vulnerabilities. */
abstract class GroovyInjectionSink extends DataFlow::ExprNode { }
/**
* A unit class for adding additional taint steps.
*
* Extend this class to add additional taint steps that should apply to the `GroovyInjectionConfig`.
*/
class GroovyInjectionAdditionalTaintStep extends Unit {
/**
* Holds if the step from `node1` to `node2` should be considered a taint
* step for the `GroovyInjectionConfig` configuration.
*/
abstract predicate step(DataFlow::Node node1, DataFlow::Node node2);
}
private class DefaultGroovyInjectionSink extends GroovyInjectionSink {
DefaultGroovyInjectionSink() { sinkNode(this, "groovy") }
}
private class DefaultGroovyInjectionSinkModel extends SinkModelCsv {
override predicate row(string row) {
row =
[
// Signatures are specified to exclude sinks of the type `File`
"groovy.lang;GroovyShell;false;evaluate;(GroovyCodeSource);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(Reader);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(Reader,String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(String,String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(String,String,String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;evaluate;(URI);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;parse;(Reader);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;parse;(Reader,String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;parse;(String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;parse;(String,String);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;parse;(URI);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(GroovyCodeSource,String[]);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(GroovyCodeSource,List);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(Reader,String,String[]);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(Reader,String,List);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(String,String,String[]);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(String,String,List);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(URI,String[]);;Argument[0];groovy",
"groovy.lang;GroovyShell;false;run;(URI,List);;Argument[0];groovy",
"groovy.util;Eval;false;me;(String);;Argument[0];groovy",
"groovy.util;Eval;false;me;(String,Object,String);;Argument[2];groovy",
"groovy.util;Eval;false;x;(Object,String);;Argument[1];groovy",
"groovy.util;Eval;false;xy;(Object,Object,String);;Argument[2];groovy",
"groovy.util;Eval;false;xyz;(Object,Object,Object,String);;Argument[3];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource);;Argument[0];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource,boolean);;Argument[0];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(InputStream,String);;Argument[0];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(Reader,String);;Argument[0];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(String);;Argument[0];groovy",
"groovy.lang;GroovyClassLoader;false;parseClass;(String,String);;Argument[0];groovy",
"org.codehaus.groovy.control;CompilationUnit;false;compile;;;Argument[-1];groovy"
]
}
}
/** A set of additional taint steps to consider when taint tracking Groovy related data flows. */
private class DefaultGroovyInjectionAdditionalTaintStep extends GroovyInjectionAdditionalTaintStep {
override predicate step(DataFlow::Node node1, DataFlow::Node node2) {
groovyCodeSourceTaintStep(node1, node2) or
groovyCompilationUnitTaintStep(node1, node2) or
groovySourceUnitTaintStep(node1, node2) or
groovyReaderSourceTaintStep(node1, node2)
}
}
/**
* Holds if `fromNode` to `toNode` is a dataflow step from a tainted string to
* a `GroovyCodeSource` instance by calling `new GroovyCodeSource(tainted, ...)`.
*/
private predicate groovyCodeSourceTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(ConstructorCall gcscc |
gcscc.getConstructedType() instanceof TypeGroovyCodeSource and
gcscc = toNode.asExpr() and
gcscc.getArgument(0) = fromNode.asExpr()
)
}
/**
* Holds if `fromNode` to `toNode` is a dataflow step from a tainted object to
* a `CompilationUnit` instance by calling `compilationUnit.addSource(..., tainted)`.
*/
private predicate groovyCompilationUnitTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.hasName("addSource") and
m.getDeclaringType() instanceof TypeGroovyCompilationUnit
|
fromNode.asExpr() = ma.getArgument(ma.getNumArgument() - 1) and
toNode.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr() = ma.getQualifier()
)
}
/**
* Holds if `fromNode` to `toNode` is a dataflow step from a tainted object to
* a `SourceUnit` instance by calling `new SourceUnit(..., tainted, ...)`
* or `SourceUnit.create(..., tainted)`
*/
private predicate groovySourceUnitTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(ClassInstanceExpr cie, Argument arg, int index |
cie.getConstructedType() instanceof TypeGroovySourceUnit and
arg = cie.getArgument(index) and
(
index = 0 and arg.getType() instanceof TypeUrl
or
index = 1 and
(
arg.getType() instanceof TypeString or
arg.getType() instanceof TypeReaderSource
)
)
|
fromNode.asExpr() = arg and
toNode.asExpr() = cie
)
or
exists(MethodAccess ma, Method m |
ma.getMethod() = m and
m.hasName("create") and
m.getDeclaringType() instanceof TypeGroovySourceUnit
|
fromNode.asExpr() = ma.getArgument(1) and toNode.asExpr() = ma
)
}
/**
* Holds if `fromNode` to `toNode` is a dataflow step from a tainted object to
* a `ReaderSource` instance by calling `new ReaderSource(tainted, ...)`.
*/
private predicate groovyReaderSourceTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
exists(ClassInstanceExpr cie | cie.getConstructedType() instanceof TypeReaderSource |
fromNode.asExpr() = cie.getArgument(0) and toNode.asExpr() = cie
)
}
/** The class `groovy.lang.GroovyCodeSource`. */
private class TypeGroovyCodeSource extends RefType {
TypeGroovyCodeSource() { this.hasQualifiedName("groovy.lang", "GroovyCodeSource") }
}
/** The class `org.codehaus.groovy.control.CompilationUnit`. */
private class TypeGroovyCompilationUnit extends RefType {
TypeGroovyCompilationUnit() {
this.hasQualifiedName("org.codehaus.groovy.control", "CompilationUnit")
}
}
/** The class `org.codehaus.groovy.control.CompilationUnit`. */
private class TypeGroovySourceUnit extends RefType {
TypeGroovySourceUnit() { this.hasQualifiedName("org.codehaus.groovy.control", "SourceUnit") }
}
/** The class `org.codehaus.groovy.control.io.ReaderSource`. */
private class TypeReaderSource extends RefType {
TypeReaderSource() {
this.getASupertype*().hasQualifiedName("org.codehaus.groovy.control.io", "ReaderSource")
}
}

22
java/ql/src/semmle/code/java/security/GroovyInjectionQuery.qll Normal file
View File

@@ -0,0 +1,22 @@
/** Provides taint tracking configurations relating to Groovy injection vulnerabilities. */
import java
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.security.GroovyInjection
/**
* A taint-tracking configuration for unsafe user input
* that is used to evaluate a Groovy expression.
*/
class GroovyInjectionConfig extends TaintTracking::Configuration {
GroovyInjectionConfig() { this = "GroovyInjectionConfig" }
override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
override predicate isSink(DataFlow::Node sink) { sink instanceof GroovyInjectionSink }
override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
any(GroovyInjectionAdditionalTaintStep c).step(fromNode, toNode)
}
}

39
java/ql/test/experimental/query-tests/security/CWE-094/GroovyClassLoaderTest.java
View File

@@ -1,39 +0,0 @@
import groovy.lang.GroovyClassLoader;
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyObject;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class GroovyClassLoaderTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
Class groovy = classLoader.parseClass(script);
GroovyObject groovyObj = (GroovyObject) groovy.newInstance();
} catch (Exception e) {
// Ignore
}
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
try {
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
Class groovy = classLoader.parseClass(gcs);
GroovyObject groovyObj = (GroovyObject) groovy.newInstance();
} catch (Exception e) {
// Ignore
}
}
}

41
java/ql/test/experimental/query-tests/security/CWE-094/GroovyEvalTest.java
View File

@@ -1,41 +0,0 @@
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import groovy.util.Eval;
public class GroovyEvalTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.me(script);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.me("test", "result", script);
}
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.x("result2", script);
}
protected void doDelete(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.xy("result3", "result4", script);
}
protected void doPatch(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
String script = request.getParameter("script");
Eval.xyz("result3", "result4", "aaa", script);
}
}

73
java/ql/test/experimental/query-tests/security/CWE-094/GroovyInjection.expected
View File

@@ -1,73 +0,0 @@
edges
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:22:29:22:51 | expression : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:23:31:23:40 | expression |
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:30:44:30:66 | expression : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:31:27:31:36 | expression |
| GroovyClassLoaderTest.java:16:29:16:58 | getParameter(...) : String | GroovyClassLoaderTest.java:18:51:18:56 | script |
| GroovyClassLoaderTest.java:29:29:29:58 | getParameter(...) : String | GroovyClassLoaderTest.java:32:51:32:53 | gcs |
| GroovyEvalTest.java:12:25:12:54 | getParameter(...) : String | GroovyEvalTest.java:13:17:13:22 | script |
| GroovyEvalTest.java:12:25:12:54 | getParameter(...) : String | GroovyEvalTest.java:13:17:13:22 | script : String |
| GroovyEvalTest.java:13:17:13:22 | script : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:22:29:22:51 | expression : String |
| GroovyEvalTest.java:18:25:18:54 | getParameter(...) : String | GroovyEvalTest.java:19:35:19:40 | script |
| GroovyEvalTest.java:24:25:24:54 | getParameter(...) : String | GroovyEvalTest.java:25:27:25:32 | script |
| GroovyEvalTest.java:24:25:24:54 | getParameter(...) : String | GroovyEvalTest.java:25:27:25:32 | script : String |
| GroovyEvalTest.java:25:27:25:32 | script : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:30:44:30:66 | expression : String |
| GroovyEvalTest.java:31:25:31:54 | getParameter(...) : String | GroovyEvalTest.java:32:39:32:44 | script |
| GroovyEvalTest.java:37:25:37:54 | getParameter(...) : String | GroovyEvalTest.java:38:47:38:52 | script |
| GroovyShellTest.java:15:25:15:54 | getParameter(...) : String | GroovyShellTest.java:16:24:16:29 | script |
| GroovyShellTest.java:22:25:22:54 | getParameter(...) : String | GroovyShellTest.java:23:24:23:29 | script |
| GroovyShellTest.java:29:25:29:54 | getParameter(...) : String | GroovyShellTest.java:30:24:30:29 | script |
| GroovyShellTest.java:36:25:36:54 | getParameter(...) : String | GroovyShellTest.java:37:19:37:24 | script |
| GroovyShellTest.java:43:25:43:54 | getParameter(...) : String | GroovyShellTest.java:45:19:45:21 | gcs |
| GroovyShellTest.java:51:25:51:54 | getParameter(...) : String | GroovyShellTest.java:53:24:53:26 | gcs |
| GroovyShellTest.java:59:25:59:54 | getParameter(...) : String | GroovyShellTest.java:60:21:60:26 | script |
nodes
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:22:29:22:51 | expression : String | semmle.label | expression : String |
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:23:31:23:40 | expression | semmle.label | expression |
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:30:44:30:66 | expression : String | semmle.label | expression : String |
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:31:27:31:36 | expression | semmle.label | expression |
| GroovyClassLoaderTest.java:16:29:16:58 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyClassLoaderTest.java:18:51:18:56 | script | semmle.label | script |
| GroovyClassLoaderTest.java:29:29:29:58 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyClassLoaderTest.java:32:51:32:53 | gcs | semmle.label | gcs |
| GroovyEvalTest.java:12:25:12:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyEvalTest.java:13:17:13:22 | script | semmle.label | script |
| GroovyEvalTest.java:13:17:13:22 | script : String | semmle.label | script : String |
| GroovyEvalTest.java:18:25:18:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyEvalTest.java:19:35:19:40 | script | semmle.label | script |
| GroovyEvalTest.java:24:25:24:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyEvalTest.java:25:27:25:32 | script | semmle.label | script |
| GroovyEvalTest.java:25:27:25:32 | script : String | semmle.label | script : String |
| GroovyEvalTest.java:31:25:31:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyEvalTest.java:32:39:32:44 | script | semmle.label | script |
| GroovyEvalTest.java:37:25:37:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyEvalTest.java:38:47:38:52 | script | semmle.label | script |
| GroovyShellTest.java:15:25:15:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:16:24:16:29 | script | semmle.label | script |
| GroovyShellTest.java:22:25:22:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:23:24:23:29 | script | semmle.label | script |
| GroovyShellTest.java:29:25:29:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:30:24:30:29 | script | semmle.label | script |
| GroovyShellTest.java:36:25:36:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:37:19:37:24 | script | semmle.label | script |
| GroovyShellTest.java:43:25:43:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:45:19:45:21 | gcs | semmle.label | gcs |
| GroovyShellTest.java:51:25:51:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:53:24:53:26 | gcs | semmle.label | gcs |
| GroovyShellTest.java:59:25:59:54 | getParameter(...) : String | semmle.label | getParameter(...) : String |
| GroovyShellTest.java:60:21:60:26 | script | semmle.label | script |
#select
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:23:31:23:40 | expression | GroovyEvalTest.java:12:25:12:54 | getParameter(...) : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:23:31:23:40 | expression | Groovy Injection from $@. | GroovyEvalTest.java:12:25:12:54 | getParameter(...) | this user input |
| ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:31:27:31:36 | expression | GroovyEvalTest.java:24:25:24:54 | getParameter(...) : String | ../../../stubs/groovy-all-3.0.7/groovy/util/Eval.java:31:27:31:36 | expression | Groovy Injection from $@. | GroovyEvalTest.java:24:25:24:54 | getParameter(...) | this user input |
| GroovyClassLoaderTest.java:18:51:18:56 | script | GroovyClassLoaderTest.java:16:29:16:58 | getParameter(...) : String | GroovyClassLoaderTest.java:18:51:18:56 | script | Groovy Injection from $@. | GroovyClassLoaderTest.java:16:29:16:58 | getParameter(...) | this user input |
| GroovyClassLoaderTest.java:32:51:32:53 | gcs | GroovyClassLoaderTest.java:29:29:29:58 | getParameter(...) : String | GroovyClassLoaderTest.java:32:51:32:53 | gcs | Groovy Injection from $@. | GroovyClassLoaderTest.java:29:29:29:58 | getParameter(...) | this user input |
| GroovyEvalTest.java:13:17:13:22 | script | GroovyEvalTest.java:12:25:12:54 | getParameter(...) : String | GroovyEvalTest.java:13:17:13:22 | script | Groovy Injection from $@. | GroovyEvalTest.java:12:25:12:54 | getParameter(...) | this user input |
| GroovyEvalTest.java:19:35:19:40 | script | GroovyEvalTest.java:18:25:18:54 | getParameter(...) : String | GroovyEvalTest.java:19:35:19:40 | script | Groovy Injection from $@. | GroovyEvalTest.java:18:25:18:54 | getParameter(...) | this user input |
| GroovyEvalTest.java:25:27:25:32 | script | GroovyEvalTest.java:24:25:24:54 | getParameter(...) : String | GroovyEvalTest.java:25:27:25:32 | script | Groovy Injection from $@. | GroovyEvalTest.java:24:25:24:54 | getParameter(...) | this user input |
| GroovyEvalTest.java:32:39:32:44 | script | GroovyEvalTest.java:31:25:31:54 | getParameter(...) : String | GroovyEvalTest.java:32:39:32:44 | script | Groovy Injection from $@. | GroovyEvalTest.java:31:25:31:54 | getParameter(...) | this user input |
| GroovyEvalTest.java:38:47:38:52 | script | GroovyEvalTest.java:37:25:37:54 | getParameter(...) : String | GroovyEvalTest.java:38:47:38:52 | script | Groovy Injection from $@. | GroovyEvalTest.java:37:25:37:54 | getParameter(...) | this user input |
| GroovyShellTest.java:16:24:16:29 | script | GroovyShellTest.java:15:25:15:54 | getParameter(...) : String | GroovyShellTest.java:16:24:16:29 | script | Groovy Injection from $@. | GroovyShellTest.java:15:25:15:54 | getParameter(...) | this user input |
| GroovyShellTest.java:23:24:23:29 | script | GroovyShellTest.java:22:25:22:54 | getParameter(...) : String | GroovyShellTest.java:23:24:23:29 | script | Groovy Injection from $@. | GroovyShellTest.java:22:25:22:54 | getParameter(...) | this user input |
| GroovyShellTest.java:30:24:30:29 | script | GroovyShellTest.java:29:25:29:54 | getParameter(...) : String | GroovyShellTest.java:30:24:30:29 | script | Groovy Injection from $@. | GroovyShellTest.java:29:25:29:54 | getParameter(...) | this user input |
| GroovyShellTest.java:37:19:37:24 | script | GroovyShellTest.java:36:25:36:54 | getParameter(...) : String | GroovyShellTest.java:37:19:37:24 | script | Groovy Injection from $@. | GroovyShellTest.java:36:25:36:54 | getParameter(...) | this user input |
| GroovyShellTest.java:45:19:45:21 | gcs | GroovyShellTest.java:43:25:43:54 | getParameter(...) : String | GroovyShellTest.java:45:19:45:21 | gcs | Groovy Injection from $@. | GroovyShellTest.java:43:25:43:54 | getParameter(...) | this user input |
| GroovyShellTest.java:53:24:53:26 | gcs | GroovyShellTest.java:51:25:51:54 | getParameter(...) : String | GroovyShellTest.java:53:24:53:26 | gcs | Groovy Injection from $@. | GroovyShellTest.java:51:25:51:54 | getParameter(...) | this user input |
| GroovyShellTest.java:60:21:60:26 | script | GroovyShellTest.java:59:25:59:54 | getParameter(...) : String | GroovyShellTest.java:60:21:60:26 | script | Groovy Injection from $@. | GroovyShellTest.java:59:25:59:54 | getParameter(...) | this user input |

1
java/ql/test/experimental/query-tests/security/CWE-094/GroovyInjection.qlref
View File

@@ -1 +0,0 @@
experimental/Security/CWE/CWE-094/GroovyInjection.ql

63
java/ql/test/experimental/query-tests/security/CWE-094/GroovyShellTest.java
View File

@@ -1,63 +0,0 @@
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyShell;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
public class GroovyShellTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script);
}
protected void doPost(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test");
}
protected void doPut(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test", "test2");
}
protected void doOptions(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new String[]{});
}
protected void doHead(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new String[]{});
}
protected void doDelete(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.evaluate(gcs);
}
protected void doPatch(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script);
}
}

2
java/ql/test/experimental/query-tests/security/CWE-094/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.3.8:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/jython-2.7.2:${testdir}/../../../../experimental/stubs/rhino-1.7.13:${testdir}/../../../../stubs/bsh-2.0b5:${testdir}/../../../../experimental/stubs/jshell

5
java/ql/test/experimental/query-tests/security/CWE-522/InsecureBasicAuth.expected
View File

@@ -14,7 +14,10 @@ edges
| InsecureBasicAuth.java:109:19:109:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:110:58:110:63 | uriStr : String |
| InsecureBasicAuth.java:110:29:110:70 | new BasicRequestLine(...) : BasicRequestLine | InsecureBasicAuth.java:119:3:119:6 | post |
| InsecureBasicAuth.java:110:58:110:63 | uriStr : String | InsecureBasicAuth.java:110:29:110:70 | new BasicRequestLine(...) : BasicRequestLine |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:129:21:129:26 | urlStr : String |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL | InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:129:21:129:26 | urlStr : String | InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL |
| InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection | InsecureBasicAuth.java:133:3:133:6 | conn |
| InsecureBasicAuth.java:145:21:145:28 | protocol : String | InsecureBasicAuth.java:146:28:146:67 | (...)... : URLConnection |
| InsecureBasicAuth.java:146:28:146:67 | (...)... : URLConnection | InsecureBasicAuth.java:149:3:149:6 | conn |
@@ -40,6 +43,8 @@ nodes
| InsecureBasicAuth.java:110:58:110:63 | uriStr : String | semmle.label | uriStr : String |
| InsecureBasicAuth.java:119:3:119:6 | post | semmle.label | post |
| InsecureBasicAuth.java:126:19:126:68 | "http://www.example.com/rest/getuser.do?uid=abcdx" : String | semmle.label | "http://www.example.com/rest/getuser.do?uid=abcdx" : String |
| InsecureBasicAuth.java:129:13:129:27 | new URL(...) : URL | semmle.label | new URL(...) : URL |
| InsecureBasicAuth.java:129:21:129:26 | urlStr : String | semmle.label | urlStr : String |
| InsecureBasicAuth.java:130:28:130:67 | (...)... : URLConnection | semmle.label | (...)... : URLConnection |
| InsecureBasicAuth.java:133:3:133:6 | conn | semmle.label | conn |
| InsecureBasicAuth.java:145:21:145:28 | protocol : String | semmle.label | protocol : String |

32
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/lang/GroovyClassLoader.java
View File

@@ -1,32 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package groovy.lang;
public class GroovyClassLoader {
public GroovyClassLoader() {
}
public Class parseClass(String text) {
return null;
}
public Class parseClass(GroovyCodeSource gcs) {
return null;
}
}

66
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/lang/GroovyShell.java
View File

@@ -1,66 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package groovy.lang;
import java.util.*;
public class GroovyShell {
public GroovyShell() {}
public Object evaluate(GroovyCodeSource codeSource) {
return null;
}
public Object evaluate(String scriptText) {
return null;
}
public Object evaluate(String scriptText, String fileName) {
return null;
}
public Object evaluate(String scriptText, final String fileName, final String codeBase) {
return null;
}
public Object run(String scriptText, String fileName, List<String> list) {
return null;
}
public Object run(String scriptText, String fileName, String[] args) {
return null;
}
public Object run(GroovyCodeSource source, List<String> args) {
return null;
}
public Object run(GroovyCodeSource source, String[] args) {
return null;
}
public Script parse(String scriptText) {
return null;
}
public Script parse(final String scriptText, final String fileName) {
return null;
}
}

41
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/util/Eval.java
View File

@@ -1,41 +0,0 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package groovy.util;
public class Eval {
public static Object me(final String expression) {
return me(null, null, expression);
}
public static Object me(final String symbol, final Object object, final String expression) {
return null;
}
public static Object x(final Object x, final String expression) {
return me("x", x, expression);
}
public static Object xy(final Object x, final Object y, final String expression) {
return null;
}
public static Object xyz(final Object x, final Object y, final Object z, final String expression) {
return null;
}
}

55
java/ql/test/query-tests/security/CWE-094/GroovyClassLoaderTest.java Normal file
View File

@@ -0,0 +1,55 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.StringReader;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import groovy.lang.GroovyClassLoader;
import groovy.lang.GroovyCodeSource;
public class GroovyClassLoaderTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
classLoader.parseClass(gcs); // $hasGroovyInjection
}
// "groovy.lang;GroovyClassLoader;false;parseClass;(GroovyCodeSource,boolean);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
classLoader.parseClass(gcs, true); // $hasGroovyInjection
}
// "groovy.lang;GroovyClassLoader;false;parseClass;(InputStream,String);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
classLoader.parseClass(new ByteArrayInputStream(script.getBytes()), "test"); // $hasGroovyInjection
}
// "groovy.lang;GroovyClassLoader;false;parseClass;(Reader,String);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
classLoader.parseClass(new StringReader(script), "test"); // $hasGroovyInjection
}
// "groovy.lang;GroovyClassLoader;false;parseClass;(String);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
classLoader.parseClass(script); // $hasGroovyInjection
}
// "groovy.lang;GroovyClassLoader;false;parseClass;(String,String);;Argument[0];groovy",
{
String script = request.getParameter("script");
final GroovyClassLoader classLoader = new GroovyClassLoader();
classLoader.parseClass(script, "test"); // $hasGroovyInjection
}
}
}

97
java/ql/test/query-tests/security/CWE-094/GroovyCompilationUnitTest.java Normal file
View File

@@ -0,0 +1,97 @@
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URL;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.codehaus.groovy.control.CompilationUnit;
import org.codehaus.groovy.control.SourceUnit;
import org.codehaus.groovy.control.io.ReaderSource;
import org.codehaus.groovy.control.io.StringReaderSource;
import org.codehaus.groovy.tools.javac.JavaAwareCompilationUnit;
import org.codehaus.groovy.tools.javac.JavaStubCompilationUnit;
public class GroovyCompilationUnitTest extends HttpServlet {
public void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "org.codehaus.groovy.control;CompilationUnit;false;compile;;;Argument[-1];groovy"
{
CompilationUnit cu = new CompilationUnit();
cu.addSource("test", request.getParameter("source"));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource(request.getParameter("source"), "safe");
cu.compile(); // Safe
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource("test",
new ByteArrayInputStream(request.getParameter("source").getBytes()));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
cu.addSource(new URL(request.getParameter("source")));
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit("test", request.getParameter("source"), null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit(request.getParameter("source"), "safe", null, null, null);
cu.addSource(su);
cu.compile(); // Safe
}
{
CompilationUnit cu = new CompilationUnit();
StringReaderSource rs = new StringReaderSource(request.getParameter("source"), null);
SourceUnit su = new SourceUnit("test", rs, null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su =
new SourceUnit(new URL(request.getParameter("source")), null, null, null);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create("test", request.getParameter("source"));
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create("test", request.getParameter("source"), 0);
cu.addSource(su);
cu.compile(); // $hasGroovyInjection
}
{
CompilationUnit cu = new CompilationUnit();
SourceUnit su = SourceUnit.create(request.getParameter("source"), "safe", 0);
cu.addSource(su);
cu.compile(); // Safe
}
{
JavaAwareCompilationUnit cu = new JavaAwareCompilationUnit();
cu.addSource("test", request.getParameter("source"));
cu.compile(); // $hasGroovyInjection
}
{
JavaStubCompilationUnit cu = new JavaStubCompilationUnit(null, null);
cu.addSource("test", request.getParameter("source"));
cu.compile(); // Safe - JavaStubCompilationUnit only creates stubs
}
}
}

40
java/ql/test/query-tests/security/CWE-094/GroovyEvalTest.java Normal file
View File

@@ -0,0 +1,40 @@
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import groovy.util.Eval;
public class GroovyEvalTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "groovy.util;Eval;false;me;(String);;Argument[0];groovy",
{
String script = request.getParameter("script");
Eval.me(script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;me;(String,Object,String);;Argument[2];groovy",
{
String script = request.getParameter("script");
Eval.me("test", "result", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;x;(Object,String);;Argument[1];groovy",
{
String script = request.getParameter("script");
Eval.x("result2", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;xy;(Object,Object,String);;Argument[2];groovy",
{
String script = request.getParameter("script");
Eval.xy("result3", "result4", script); // $hasGroovyInjection
}
// "groovy.util;Eval;false;xyz;(Object,Object,Object,String);;Argument[3];groovy",
{
String script = request.getParameter("script");
Eval.xyz("result3", "result4", "aaa", script); // $hasGroovyInjection
}
}
}

0
java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.expected Normal file
View File

22
java/ql/test/query-tests/security/CWE-094/GroovyInjectionTest.ql Normal file
View File

@@ -0,0 +1,22 @@
import java
import semmle.code.java.dataflow.TaintTracking
import semmle.code.java.dataflow.FlowSources
import semmle.code.java.security.GroovyInjectionQuery
import TestUtilities.InlineExpectationsTest
class HasGroovyInjectionTest extends InlineExpectationsTest {
HasGroovyInjectionTest() { this = "HasGroovyInjectionTest" }
override string getARelevantTag() { result = "hasGroovyInjection" }
override predicate hasActualResult(Location location, string element, string tag, string value) {
tag = "hasGroovyInjection" and
exists(DataFlow::Node src, DataFlow::Node sink, GroovyInjectionConfig conf |
conf.hasFlow(src, sink)
|
sink.getLocation() = location and
element = sink.toString() and
value = ""
)
}
}

154
java/ql/test/query-tests/security/CWE-094/GroovyShellTest.java Normal file
View File

@@ -0,0 +1,154 @@
import java.io.IOException;
import java.io.Reader;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import groovy.lang.GroovyCodeSource;
import groovy.lang.GroovyShell;
public class GroovyShellTest extends HttpServlet {
protected void doGet(HttpServletRequest request, HttpServletResponse response)
throws ServletException, IOException {
// "groovy.lang;GroovyShell;false;evaluate;(GroovyCodeSource);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.evaluate(gcs); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(Reader);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.evaluate(reader); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(Reader,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.evaluate(reader, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(String,String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.evaluate(script, "test", "test2"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;evaluate;(URI);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(new URI(script)); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;parse;(Reader);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.parse(reader); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(Reader,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.parse(reader, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(String,String);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(script, "_"); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;parse;(URI);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.parse(new URI(script)); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(GroovyCodeSource,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
GroovyCodeSource gcs = new GroovyCodeSource(script, "test", "Test");
shell.run(gcs, new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(Reader,String,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.run(reader, "test", new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(Reader,String,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
Reader reader = new StringReader(script);
shell.run(reader, "test", new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(String,String,String[]);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new String[] {}); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(String,String,List);;Argument[0];groovy",
{
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(script, "_", new ArrayList<String>()); // $hasGroovyInjection
}
// "groovy.lang;GroovyShell;false;run;(URI,String[]);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(new URI(script), new String[] {}); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
// "groovy.lang;GroovyShell;false;run;(URI,List);;Argument[0];groovy",
try {
GroovyShell shell = new GroovyShell();
String script = request.getParameter("script");
shell.run(new URI(script), new ArrayList<String>()); // $hasGroovyInjection
} catch (URISyntaxException e) {
}
}
}

2
java/ql/test/query-tests/security/CWE-094/options
View File

@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/validation-api-2.0.1.Final:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../stubs/apache-commons-logging-1.2:${testdir}/../../../stubs/mvel2-2.4.7:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/scriptengine:${testdir}/../../../stubs/jsr223-api

5
java/ql/test/query-tests/security/CWE-311/CWE-319/HttpsUrls.expected
View File

@@ -1,10 +1,15 @@
edges
| HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:24:21:24:56 | ... + ... : String |
| HttpsUrlsTest.java:23:23:23:31 | "http://" : String | HttpsUrlsTest.java:28:50:28:50 | u |
| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | HttpsUrlsTest.java:28:50:28:50 | u |
| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL |
| HttpsUrlsTest.java:36:23:36:28 | "http" : String | HttpsUrlsTest.java:41:50:41:50 | u |
| HttpsUrlsTest.java:49:23:49:31 | "http://" : String | HttpsUrlsTest.java:55:50:55:50 | u |
| HttpsUrlsTest.java:87:23:87:28 | "http" : String | HttpsUrlsTest.java:92:50:92:50 | u |
nodes
| HttpsUrlsTest.java:23:23:23:31 | "http://" : String | semmle.label | "http://" : String |
| HttpsUrlsTest.java:24:13:24:57 | new URL(...) : URL | semmle.label | new URL(...) : URL |
| HttpsUrlsTest.java:24:21:24:56 | ... + ... : String | semmle.label | ... + ... : String |
| HttpsUrlsTest.java:28:50:28:50 | u | semmle.label | u |
| HttpsUrlsTest.java:36:23:36:28 | "http" : String | semmle.label | "http" : String |
| HttpsUrlsTest.java:41:50:41:50 | u | semmle.label | u |

287
java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/GroovyClassLoader.java Normal file
View File

@@ -0,0 +1,287 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
/*
* @todo multi threaded compiling of the same class but with different roots for compilation... T1
* compiles A, which uses B, T2 compiles B... mark A and B as parsed and then synchronize
* compilation. Problems: How to synchronize? How to get error messages?
*
*/
package groovy.lang;
import java.io.File;
import java.io.IOException;
import java.io.InputStream;
import java.io.Reader;
import java.net.URL;
import java.net.URLClassLoader;
import java.util.Enumeration;
import org.codehaus.groovy.ast.ClassNode;
import org.codehaus.groovy.control.CompilationFailedException;
import org.codehaus.groovy.control.CompilerConfiguration;
public class GroovyClassLoader extends URLClassLoader {
public GroovyClassLoader() {
super(null);
}
public GroovyClassLoader(ClassLoader loader) {
super(null);
}
public GroovyClassLoader(GroovyClassLoader parent) {
super(null);
}
public GroovyClassLoader(ClassLoader parent, CompilerConfiguration config,
boolean useConfigurationClasspath) {
super(null);
}
public GroovyClassLoader(ClassLoader loader, CompilerConfiguration config) {
super(null);
}
public Class defineClass(ClassNode classNode, String file, String newCodeBase) {
return null;
}
public boolean hasCompatibleConfiguration(CompilerConfiguration config) {
return false;
}
public Class parseClass(File file) throws CompilationFailedException, IOException {
return null;
}
public Class parseClass(final String text, final String fileName)
throws CompilationFailedException {
return null;
}
public Class parseClass(String text) throws CompilationFailedException {
return null;
}
public synchronized String generateScriptName() {
return null;
}
public Class parseClass(final Reader reader, final String fileName)
throws CompilationFailedException {
return null;
}
public Class parseClass(final InputStream in, final String fileName)
throws CompilationFailedException {
return null;
}
public Class parseClass(GroovyCodeSource codeSource) throws CompilationFailedException {
return null;
}
public Class parseClass(final GroovyCodeSource codeSource, boolean shouldCacheSource)
throws CompilationFailedException {
return null;
}
public static class InnerLoader extends GroovyClassLoader {
public InnerLoader(GroovyClassLoader delegate) {}
@Override
public void addClasspath(String path) {}
@Override
public void clearCache() {}
@Override
public URL findResource(String name) {
return null;
}
@Override
public Enumeration<URL> findResources(String name) throws IOException {
return null;
}
@Override
public Class[] getLoadedClasses() {
return null;
}
@Override
public URL getResource(String name) {
return null;
}
@Override
public InputStream getResourceAsStream(String name) {
return null;
}
@Override
public URL[] getURLs() {
return null;
}
@Override
public Class loadClass(String name, boolean lookupScriptFiles,
boolean preferClassOverScript, boolean resolve)
throws ClassNotFoundException, CompilationFailedException {
return null;
}
@Override
public Class parseClass(GroovyCodeSource codeSource, boolean shouldCache)
throws CompilationFailedException {
return null;
}
@Override
public void addURL(URL url) {}
@Override
public Class defineClass(ClassNode classNode, String file, String newCodeBase) {
return null;
}
@Override
public Class parseClass(File file) throws CompilationFailedException, IOException {
return null;
}
@Override
public Class parseClass(String text, String fileName) throws CompilationFailedException {
return null;
}
@Override
public Class parseClass(String text) throws CompilationFailedException {
return null;
}
@Override
public String generateScriptName() {
return null;
}
@Override
public Class parseClass(Reader reader, String fileName) throws CompilationFailedException {
return null;
}
@Override
public Class parseClass(InputStream in, String fileName) throws CompilationFailedException {
return null;
}
@Override
public Class parseClass(GroovyCodeSource codeSource) throws CompilationFailedException {
return null;
}
@Override
public Class defineClass(String name, byte[] b) {
return null;
}
@Override
public Class loadClass(String name, boolean lookupScriptFiles,
boolean preferClassOverScript)
throws ClassNotFoundException, CompilationFailedException {
return null;
}
@Override
public void setShouldRecompile(Boolean mode) {}
@Override
public Boolean isShouldRecompile() {
return null;
}
@Override
public Class<?> loadClass(String name) throws ClassNotFoundException {
return null;
}
@Override
public Enumeration<URL> getResources(String name) throws IOException {
return null;
}
@Override
public void setDefaultAssertionStatus(boolean enabled) {}
@Override
public void setPackageAssertionStatus(String packageName, boolean enabled) {}
@Override
public void setClassAssertionStatus(String className, boolean enabled) {}
@Override
public void clearAssertionStatus() {}
@Override
public void close() throws IOException {}
public long getTimeStamp() {
return 0;
}
}
public Class defineClass(String name, byte[] b) {
return null;
}
public Class loadClass(final String name, boolean lookupScriptFiles,
boolean preferClassOverScript)
throws ClassNotFoundException, CompilationFailedException {
return null;
}
public void addURL(URL url) {}
public void setShouldRecompile(Boolean mode) {}
public Boolean isShouldRecompile() {
return null;
}
public Class loadClass(final String name, boolean lookupScriptFiles,
boolean preferClassOverScript, boolean resolve)
throws ClassNotFoundException, CompilationFailedException {
return null;
}
@Override
public Class<?> loadClass(String name) throws ClassNotFoundException {
return null;
}
public void addClasspath(final String path) {}
public Class[] getLoadedClasses() {
return null;
}
public void clearCache() {}
@Override
public void close() throws IOException {}
}

0
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/lang/GroovyCodeSource.java → java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/GroovyCodeSource.java
View File

0
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/lang/GroovyObject.java → java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/GroovyObject.java
View File

34
java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/GroovyRuntimeException.java Normal file
View File

@@ -0,0 +1,34 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package groovy.lang;
public class GroovyRuntimeException extends RuntimeException {
public GroovyRuntimeException() {}
public GroovyRuntimeException(String message) {}
public GroovyRuntimeException(String message, Throwable cause) {}
public GroovyRuntimeException(Throwable t) {}
public String getMessage() {
return null;
}
public String getMessageWithoutLocationText() {
return null;
}
}

101
java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/GroovyShell.java Normal file
View File

@@ -0,0 +1,101 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package groovy.lang;
import java.io.Reader;
import java.net.URI;
import java.util.*;
public class GroovyShell {
public GroovyShell() {}
public Object evaluate(GroovyCodeSource codeSource) {
return null;
}
public Object evaluate(Reader in) {
return null;
}
public Object evaluate(Reader in, String fileName) {
return null;
}
public Object evaluate(String scriptText) {
return null;
}
public Object evaluate(String scriptText, String fileName) {
return null;
}
public Object evaluate(String scriptText, final String fileName, final String codeBase) {
return null;
}
public Object run(String scriptText, String fileName, List<String> list) {
return null;
}
public Object run(String scriptText, String fileName, String[] args) {
return null;
}
public Object run(Reader in, String fileName, List<String> list) {
return null;
}
public Object run(Reader in, String fileName, String[] args) {
return null;
}
public Object run(GroovyCodeSource source, List<String> list) {
return null;
}
public Object run(GroovyCodeSource source, String[] args) {
return null;
}
public Object run(URI source, List<String> list) {
return null;
}
public Object run(URI source, String[] args) {
return null;
}
public Script parse(Reader in) {
return null;
}
public Script parse(Reader reader, String fileName) {
return null;
}
public Script parse(String scriptText) {
return null;
}
public Script parse(final String scriptText, final String fileName) {
return null;
}
public Script parse(URI uri) {
return null;
}
}

0
java/ql/test/experimental/stubs/groovy-all-3.0.7/groovy/lang/Script.java → java/ql/test/stubs/groovy-all-3.0.7/groovy/lang/Script.java
View File

38
java/ql/test/stubs/groovy-all-3.0.7/groovy/util/Eval.java Normal file
View File

@@ -0,0 +1,38 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package groovy.util;
public class Eval {
public static Object me(final String expression) {
return null;
}
public static Object me(final String symbol, final Object object, final String expression) {
return null;
}
public static Object x(final Object x, final String expression) {
return null;
}
public static Object xy(final Object x, final Object y, final String expression) {
return null;
}
public static Object xyz(final Object x, final Object y, final Object z,
final String expression) {
return null;
}
}

252
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/ast/ClassNode.java Normal file
View File

@@ -0,0 +1,252 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.ast;
import java.util.List;
import java.util.Set;
public class ClassNode {
public ClassNode redirect() {
return null;
}
public boolean isRedirectNode() {
return false;
}
public void setRedirect(ClassNode node) {}
public ClassNode makeArray() {
return null;
}
public boolean isPrimaryClassNode() {
return false;
}
public ClassNode(Class<?> c) {}
public boolean isSyntheticPublic() {
return false;
}
public void setSyntheticPublic(boolean syntheticPublic) {}
public ClassNode(String name, int modifiers, ClassNode superClass) {}
public void setSuperClass(ClassNode superClass) {}
public ClassNode[] getInterfaces() {
return null;
}
public void setInterfaces(ClassNode[] interfaces) {}
public Set<ClassNode> getAllInterfaces() {
return null;
}
public String getName() {
return null;
}
public String getUnresolvedName() {
return null;
}
public String setName(String name) {
return null;
}
public int getModifiers() {
return 0;
}
public void setModifiers(int modifiers) {}
public boolean hasProperty(String name) {
return false;
}
public void addInterface(ClassNode type) {}
public boolean equals(Object that) {
return false;
}
public int hashCode() {
return 0;
}
public ClassNode getOuterClass() {
return null;
}
public List<ClassNode> getOuterClasses() {
return null;
}
public boolean isDerivedFrom(ClassNode type) {
return false;
}
public boolean isDerivedFromGroovyObject() {
return false;
}
public boolean implementsAnyInterfaces(ClassNode... classNodes) {
return false;
}
public boolean implementsInterface(ClassNode classNode) {
return false;
}
public boolean declaresAnyInterfaces(ClassNode... classNodes) {
return false;
}
public boolean declaresInterface(ClassNode classNode) {
return false;
}
public ClassNode getSuperClass() {
return null;
}
public ClassNode getUnresolvedSuperClass() {
return null;
}
public ClassNode getUnresolvedSuperClass(boolean useRedirect) {
return null;
}
public void setUnresolvedSuperClass(ClassNode superClass) {}
public ClassNode[] getUnresolvedInterfaces() {
return null;
}
public ClassNode[] getUnresolvedInterfaces(boolean useRedirect) {
return null;
}
public String getPackageName() {
return null;
}
public String getNameWithoutPackage() {
return null;
}
public boolean isStaticClass() {
return false;
}
public void setStaticClass(boolean staticClass) {}
public boolean isScriptBody() {
return false;
}
public void setScriptBody(boolean scriptBody) {}
public boolean isScript() {
return false;
}
public void setScript(boolean script) {}
public String toString() {
return null;
}
public String toString(boolean showRedirect) {
return null;
}
public boolean isInterface() {
return false;
}
public boolean isAbstract() {
return false;
}
public boolean isResolved() {
return false;
}
public boolean isArray() {
return false;
}
public ClassNode getComponentType() {
return null;
}
public Class getTypeClass() {
return null;
}
public boolean hasPackageName() {
return false;
}
public void setAnnotated(boolean annotated) {}
public boolean isAnnotated() {
return false;
}
public void setGenericsPlaceHolder(boolean placeholder) {}
public boolean isGenericsPlaceHolder() {
return false;
}
public boolean isUsingGenerics() {
return false;
}
public void setUsingGenerics(boolean usesGenerics) {}
public ClassNode getPlainNodeReference() {
return null;
}
public boolean isAnnotationDefinition() {
return false;
}
public void renameField(String oldName, String newName) {}
public void removeField(String oldName) {}
public boolean isEnum() {
return false;
}
}

21
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/CompilationFailedException.java Normal file
View File

@@ -0,0 +1,21 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control;
import groovy.lang.GroovyRuntimeException;
public class CompilationFailedException extends GroovyRuntimeException {
}

71
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/CompilationUnit.java Normal file
View File

@@ -0,0 +1,71 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control;
import groovy.lang.GroovyClassLoader;
import java.io.File;
import java.io.InputStream;
import java.net.URL;
import java.util.Iterator;
import java.util.Set;
public class CompilationUnit {
public CompilationUnit() {}
public CompilationUnit(final GroovyClassLoader loader) {}
public Set<javax.tools.JavaFileObject> getJavaCompilationUnitSet() {
return null;
}
public void addJavaCompilationUnits(
final Set<javax.tools.JavaFileObject> javaCompilationUnitSet) {}
public GroovyClassLoader getTransformLoader() {
return null;
}
public void addSources(final String[] paths) {}
public void addSources(final File[] files) {}
public SourceUnit addSource(final File file) {
return null;
}
public SourceUnit addSource(final URL url) {
return null;
}
public SourceUnit addSource(final String name, final InputStream stream) {
return null;
}
public SourceUnit addSource(final String name, final String scriptText) {
return null;
}
public SourceUnit addSource(final SourceUnit source) {
return null;
}
public Iterator<SourceUnit> iterator() {
return null;
}
public void compile() throws CompilationFailedException {}
public void compile(int throughPhase) throws CompilationFailedException {}
}

39
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/CompilerConfiguration.java Normal file
View File

@@ -0,0 +1,39 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control;
public class CompilerConfiguration {
public CompilerConfiguration() {}
public CompilerConfiguration(final CompilerConfiguration configuration) {}
public static boolean isPostJDK5(final String bytecodeVersion) {
return false;
}
public static boolean isPostJDK7(final String bytecodeVersion) {
return false;
}
public static boolean isPostJDK8(final String bytecodeVersion) {
return false;
}
public static boolean isPostJDK9(final String bytecodeVersion) {
return false;
}
}

51
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/ErrorCollector.java Normal file
View File

@@ -0,0 +1,51 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control;
import java.io.Serializable;
public class ErrorCollector implements Serializable {
public ErrorCollector(final CompilerConfiguration configuration) {}
public void addCollectorContents(final ErrorCollector that) {}
public void addException(final Exception exception, final SourceUnit source)
throws CompilationFailedException {}
public CompilerConfiguration getConfiguration() {
return null;
}
public int getErrorCount() {
return 0;
}
public boolean hasErrors() {
return false;
}
public int getWarningCount() {
return 0;
}
public boolean hasWarnings() {
return false;
}
public Exception getException(final int index) {
return null;
}
}

63
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/SourceUnit.java Normal file
View File

@@ -0,0 +1,63 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control;
import groovy.lang.GroovyClassLoader;
import org.codehaus.groovy.control.io.ReaderSource;
import java.io.File;
import java.net.URL;
public class SourceUnit {
public SourceUnit(String name, ReaderSource source, CompilerConfiguration flags,
GroovyClassLoader loader, ErrorCollector er) {}
public SourceUnit(File source, CompilerConfiguration configuration, GroovyClassLoader loader,
ErrorCollector er) {}
public SourceUnit(URL source, CompilerConfiguration configuration, GroovyClassLoader loader,
ErrorCollector er) {}
public SourceUnit(String name, String source, CompilerConfiguration configuration,
GroovyClassLoader loader, ErrorCollector er) {}
public String getName() {
return null;
}
public boolean failedWithUnexpectedEOF() {
return false;
}
public static SourceUnit create(String name, String source) {
return null;
}
public static SourceUnit create(String name, String source, int tolerance) {
return null;
}
public void parse() throws CompilationFailedException {}
public void convert() throws CompilationFailedException {}
public void addException(Exception e) throws CompilationFailedException {}
public ReaderSource getSource() {
return null;
}
public void setSource(ReaderSource source) {}
}

28
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/io/AbstractReaderSource.java Normal file
View File

@@ -0,0 +1,28 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control.io;
import org.codehaus.groovy.control.CompilerConfiguration;
public abstract class AbstractReaderSource implements ReaderSource {
public AbstractReaderSource(final CompilerConfiguration configuration) {}
public boolean canReopenSource() {
return false;
}
public void cleanup() {}
}

30
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/io/ReaderSource.java Normal file
View File

@@ -0,0 +1,30 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control.io;
import java.io.IOException;
import java.io.Reader;
import java.net.URI;
public interface ReaderSource {
Reader getReader() throws IOException;
boolean canReopenSource();
void cleanup();
URI getURI();
}

35
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/control/io/StringReaderSource.java Normal file
View File

@@ -0,0 +1,35 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.control.io;
import java.io.IOException;
import java.io.Reader;
import java.net.URI;
import org.codehaus.groovy.control.CompilerConfiguration;
public class StringReaderSource extends AbstractReaderSource {
public StringReaderSource(String string, CompilerConfiguration configuration) {
super(configuration);
}
public Reader getReader() throws IOException {
return null;
}
public URI getURI() {
return null;
}
}

39
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/tools/javac/JavaAwareCompilationUnit.java Normal file
View File

@@ -0,0 +1,39 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.tools.javac;
import groovy.lang.GroovyClassLoader;
import org.codehaus.groovy.control.CompilationUnit;
import org.codehaus.groovy.control.CompilerConfiguration;
import java.io.File;
public class JavaAwareCompilationUnit extends CompilationUnit {
public JavaAwareCompilationUnit() {}
public JavaAwareCompilationUnit(final CompilerConfiguration configuration) {}
public JavaAwareCompilationUnit(final CompilerConfiguration configuration,
final GroovyClassLoader groovyClassLoader) {}
public JavaAwareCompilationUnit(final CompilerConfiguration configuration,
final GroovyClassLoader groovyClassLoader, final GroovyClassLoader transformClassLoader) {}
@Override
public void addSources(final String[] paths) {}
@Override
public void addSources(final File[] files) {}
}

48
java/ql/test/stubs/groovy-all-3.0.7/org/codehaus/groovy/tools/javac/JavaStubCompilationUnit.java Normal file
View File

@@ -0,0 +1,48 @@
/*
* Licensed to the Apache Software Foundation (ASF) under one or more contributor license
* agreements. See the NOTICE file distributed with this work for additional information regarding
* copyright ownership. The ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the License. You may obtain a
* copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
* or implied. See the License for the specific language governing permissions and limitations under
* the License.
*/
package org.codehaus.groovy.tools.javac;
import groovy.lang.GroovyClassLoader;
import org.codehaus.groovy.control.CompilationFailedException;
import org.codehaus.groovy.control.CompilationUnit;
import org.codehaus.groovy.control.CompilerConfiguration;
import org.codehaus.groovy.control.SourceUnit;
import java.io.File;
import java.net.URL;
public class JavaStubCompilationUnit extends CompilationUnit {
public JavaStubCompilationUnit(final CompilerConfiguration config, final GroovyClassLoader gcl,
File destDir) {}
public JavaStubCompilationUnit(final CompilerConfiguration config, final GroovyClassLoader gcl) {}
public int getStubCount() {
return 0;
}
@Override
public void compile() throws CompilationFailedException {}
@Override
public SourceUnit addSource(final File file) {
return null;
}
@Override
public SourceUnit addSource(URL url) {
return null;
}
}