Merge tag 'codeql-cli/latest' into auto/sync-main-pr

Compatible with the latest released version of the CodeQL CLI
dilanbhalla
2025-04-22 14:59:21 +00:00
728 changed files with 31702 additions and 5048 deletions


@@ -1,10 +1,16 @@
import subprocess
import os
import runs_on
def test(codeql, java, cwd):
# This serves the "repo" directory on https://locahost:4443
repo_server_process = subprocess.Popen(["python3", "../server.py"], cwd="repo")
command = ["python3", "../server.py"]
if runs_on.github_actions and runs_on.posix:
# On GitHub Actions, we saw the server timing out while running in parallel with other tests
# we work around that by running it with higher permissions
command = ["sudo"] + command
repo_server_process = subprocess.Popen(command, cwd="repo")
certspath = cwd / "jdk8_shipped_cacerts_plus_cert_pem"
# If we override MAVEN_OPTS, we'll break cross-test maven isolation, so we need to append to it instead
maven_opts = os.environ["MAVEN_OPTS"] + f" -Djavax.net.ssl.trustStore={certspath}"
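Review bot: Prefixing the server command with `sudo` makes the HTTPS test server a root-owned process, and the two-line comment above it does not say why elevated privileges cure a timeout, so a later maintainer cannot tell when the workaround can be dropped. A root-owned child also changes teardown: if the test process itself is unprivileged, a later `repo_server_process.kill()` may fail with a permission error and leave the port bound; the cleanup code is outside this hunk, so that should be checked. At minimum use `command = ["sudo", "-n"] + command` so a runner without passwordless sudo fails immediately instead of waiting on a prompt, and record the observed cause in the comment. The same pattern appears in the next test file's hunk (the `http.server` on port 9427).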


@@ -1,11 +1,16 @@
import subprocess
import sys
import runs_on
def test(codeql, java):
# This serves the "repo" directory on http://localhost:9427
command = ["python3", "-m", "http.server", "9427", "-b", "localhost"]
if runs_on.github_actions and runs_on.posix:
# On GitHub Actions, we saw the server timing out while running in parallel with other tests
# we work around that by running it with higher permissions
command = ["sudo"] + command
repo_server_process = subprocess.Popen(
[sys.executable, "-m", "http.server", "9427"], cwd="repo"
command, cwd="repo"
)
try:
codeql.database.create(
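Review bot: The server command now appears to start `"python3"` from the PATH where the replaced call used `sys.executable`, and on the sudo path that lookup usually goes through sudo's own restricted PATH, so the interpreter that ends up running as root may not be the one running the test. Keeping the absolute interpreter path avoids that: `command = [sys.executable, "-m", "http.server", "9427", "-b", "localhost"]`. The added `-b localhost` is worth keeping, since it stops the now-privileged server from listening on all interfaces. The `try:` block and its cleanup continue outside the hunk.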


@@ -1,10 +1,10 @@
{
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "note",
"markdownMessage": "Analyzed a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
"severity": "warning",
"source": {
"extractorName": "java",
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
"name": "Failed to extract dependency information from build tool tool Gradle"
"id": "java/autobuilder/guessed-gradle-version",
"name": "Required Gradle version not specified"
},
"visibility": {
"cliSummaryTable": true,
@@ -13,12 +13,12 @@
}
}
{
"markdownMessage": "Built a Gradle project without the [Gradle wrapper](https://docs.gradle.org/current/userguide/gradle_wrapper.html). This may use an incompatible version of Gradle.",
"severity": "warning",
"markdownMessage": "Build tool(s) should have been able to provide a recommended classpath but the attempt failed. Extraction will continue, but external dependencies will be inferred from the Java package names used. Consider troubleshooting the build tool error or using a build mode other than 'none'.",
"severity": "note",
"source": {
"extractorName": "java",
"id": "java/autobuilder/guessed-gradle-version",
"name": "Required Gradle version not specified"
"id": "java/autobuilder/buildless/classpath-from-tool-failed",
"name": "Failed to extract dependency information from build tool tool Gradle"
},
"visibility": {
"cliSummaryTable": true,


@@ -0,0 +1,12 @@
ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql
ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql
ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql
ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql
ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql
ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql
ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql
ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql
ql/java/ql/src/Performance/StringReplaceAllWithNonRegex.ql


@@ -0,0 +1,79 @@
ql/java/ql/src/Diagnostics/ExtractionErrors.ql
ql/java/ql/src/Diagnostics/ExtractionWarnings.ql
ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql
ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql
ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql
ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql
ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql
ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql
ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql
ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
ql/java/ql/src/Security/CWE/CWE-611/XXE.ql
ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql
ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql
ql/java/ql/src/Telemetry/ExtractorInformation.ql
ql/java/ql/src/Telemetry/SupportedExternalApis.ql
ql/java/ql/src/Telemetry/SupportedExternalSinks.ql
ql/java/ql/src/Telemetry/SupportedExternalSources.ql
ql/java/ql/src/Telemetry/SupportedExternalTaint.ql
ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql


@@ -0,0 +1,243 @@
ql/java/ql/src/Advisory/Declarations/MissingOverrideAnnotation.ql
ql/java/ql/src/Advisory/Deprecated Code/AvoidDeprecatedCallableAccess.ql
ql/java/ql/src/Advisory/Documentation/ImpossibleJavadocThrows.ql
ql/java/ql/src/Advisory/Documentation/SpuriousJavadocParam.ql
ql/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql
ql/java/ql/src/Compatibility/JDK9/UnderscoreIdentifier.ql
ql/java/ql/src/DeadCode/UselessParameter.ql
ql/java/ql/src/Diagnostics/ExtractionErrors.ql
ql/java/ql/src/Diagnostics/ExtractionWarnings.ql
ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
ql/java/ql/src/Language Abuse/ChainedInstanceof.ql
ql/java/ql/src/Language Abuse/IterableIterator.ql
ql/java/ql/src/Language Abuse/OverridePackagePrivate.ql
ql/java/ql/src/Language Abuse/TypeVarExtendsFinalType.ql
ql/java/ql/src/Language Abuse/TypeVariableHidesType.ql
ql/java/ql/src/Language Abuse/UselessNullCheck.ql
ql/java/ql/src/Language Abuse/UselessTypeTest.ql
ql/java/ql/src/Language Abuse/WrappedIterator.ql
ql/java/ql/src/Likely Bugs/Arithmetic/BadAbsOfRandom.ql
ql/java/ql/src/Likely Bugs/Arithmetic/ConstantExpAppearsNonConstant.ql
ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
ql/java/ql/src/Likely Bugs/Arithmetic/IntMultToLong.ql
ql/java/ql/src/Likely Bugs/Arithmetic/LShiftLargerThanTypeWidth.ql
ql/java/ql/src/Likely Bugs/Arithmetic/MultiplyRemainder.ql
ql/java/ql/src/Likely Bugs/Arithmetic/RandomUsedOnce.ql
ql/java/ql/src/Likely Bugs/Arithmetic/WhitespaceContradictsPrecedence.ql
ql/java/ql/src/Likely Bugs/Cloning/MissingCallToSuperClone.ql
ql/java/ql/src/Likely Bugs/Cloning/MissingMethodClone.ql
ql/java/ql/src/Likely Bugs/Collections/ArrayIndexOutOfBounds.ql
ql/java/ql/src/Likely Bugs/Collections/ContainsTypeMismatch.ql
ql/java/ql/src/Likely Bugs/Collections/IteratorRemoveMayFail.ql
ql/java/ql/src/Likely Bugs/Collections/ReadOnlyContainer.ql
ql/java/ql/src/Likely Bugs/Collections/RemoveTypeMismatch.ql
ql/java/ql/src/Likely Bugs/Collections/WriteOnlyContainer.ql
ql/java/ql/src/Likely Bugs/Comparison/CompareIdenticalValues.ql
ql/java/ql/src/Likely Bugs/Comparison/CovariantCompareTo.ql
ql/java/ql/src/Likely Bugs/Comparison/CovariantEquals.ql
ql/java/ql/src/Likely Bugs/Comparison/EqualsArray.ql
ql/java/ql/src/Likely Bugs/Comparison/HashedButNoHash.ql
ql/java/ql/src/Likely Bugs/Comparison/IncomparableEquals.ql
ql/java/ql/src/Likely Bugs/Comparison/InconsistentCompareTo.ql
ql/java/ql/src/Likely Bugs/Comparison/InconsistentEqualsHashCode.ql
ql/java/ql/src/Likely Bugs/Comparison/MissingInstanceofInEquals.ql
ql/java/ql/src/Likely Bugs/Comparison/RefEqBoxed.ql
ql/java/ql/src/Likely Bugs/Comparison/StringComparison.ql
ql/java/ql/src/Likely Bugs/Comparison/UselessComparisonTest.ql
ql/java/ql/src/Likely Bugs/Comparison/WrongNanComparison.ql
ql/java/ql/src/Likely Bugs/Concurrency/CallsToConditionWait.ql
ql/java/ql/src/Likely Bugs/Concurrency/CallsToRunnableRun.ql
ql/java/ql/src/Likely Bugs/Concurrency/DateFormatThreadUnsafe.ql
ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLocking.ql
ql/java/ql/src/Likely Bugs/Concurrency/DoubleCheckedLockingWithInitRace.ql
ql/java/ql/src/Likely Bugs/Concurrency/FutileSynchOnField.ql
ql/java/ql/src/Likely Bugs/Concurrency/NonSynchronizedOverride.ql
ql/java/ql/src/Likely Bugs/Concurrency/NotifyNotNotifyAll.ql
ql/java/ql/src/Likely Bugs/Concurrency/SleepWithLock.ql
ql/java/ql/src/Likely Bugs/Concurrency/StartInConstructor.ql
ql/java/ql/src/Likely Bugs/Concurrency/SynchOnBoxedType.ql
ql/java/ql/src/Likely Bugs/Concurrency/SynchSetUnsynchGet.ql
ql/java/ql/src/Likely Bugs/Concurrency/SynchWriteObject.ql
ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql
ql/java/ql/src/Likely Bugs/Finalization/NullifiedSuperFinalize.ql
ql/java/ql/src/Likely Bugs/Frameworks/JUnit/BadSuiteMethod.ql
ql/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql
ql/java/ql/src/Likely Bugs/Inheritance/NoNonFinalInConstructor.ql
ql/java/ql/src/Likely Bugs/Likely Typos/ContainerSizeCmpZero.ql
ql/java/ql/src/Likely Bugs/Likely Typos/ContradictoryTypeChecks.ql
ql/java/ql/src/Likely Bugs/Likely Typos/DangerousNonCircuitLogic.ql
ql/java/ql/src/Likely Bugs/Likely Typos/EqualsTypo.ql
ql/java/ql/src/Likely Bugs/Likely Typos/HashCodeTypo.ql
ql/java/ql/src/Likely Bugs/Likely Typos/MissingFormatArg.ql
ql/java/ql/src/Likely Bugs/Likely Typos/MissingSpaceTypo.ql
ql/java/ql/src/Likely Bugs/Likely Typos/SelfAssignment.ql
ql/java/ql/src/Likely Bugs/Likely Typos/StringBufferCharInit.ql
ql/java/ql/src/Likely Bugs/Likely Typos/SuspiciousDateFormat.ql
ql/java/ql/src/Likely Bugs/Likely Typos/ToStringTypo.ql
ql/java/ql/src/Likely Bugs/Likely Typos/UnusedFormatArg.ql
ql/java/ql/src/Likely Bugs/Nullness/NullAlways.ql
ql/java/ql/src/Likely Bugs/Nullness/NullExprDeref.ql
ql/java/ql/src/Likely Bugs/Nullness/NullMaybe.ql
ql/java/ql/src/Likely Bugs/Reflection/AnnotationPresentCheck.ql
ql/java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql
ql/java/ql/src/Likely Bugs/Resource Leaks/CloseSql.ql
ql/java/ql/src/Likely Bugs/Resource Leaks/CloseWriter.ql
ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerialVersionUID.ql
ql/java/ql/src/Likely Bugs/Serialization/IncorrectSerializableMethods.ql
ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorOnExternalizable.ql
ql/java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql
ql/java/ql/src/Likely Bugs/Serialization/NonSerializableInnerClass.ql
ql/java/ql/src/Likely Bugs/Serialization/ReadResolveObject.ql
ql/java/ql/src/Likely Bugs/Statements/ContinueInFalseLoop.ql
ql/java/ql/src/Likely Bugs/Statements/MissingEnumInSwitch.ql
ql/java/ql/src/Likely Bugs/Statements/PartiallyMaskedCatch.ql
ql/java/ql/src/Likely Bugs/Statements/UseBraces.ql
ql/java/ql/src/Likely Bugs/Termination/ConstantLoopCondition.ql
ql/java/ql/src/Likely Bugs/Termination/SpinOnField.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
ql/java/ql/src/Performance/InefficientEmptyStringTest.ql
ql/java/ql/src/Performance/InefficientKeySetIterator.ql
ql/java/ql/src/Performance/InefficientOutputStream.ql
ql/java/ql/src/Performance/InefficientPrimConstructor.ql
ql/java/ql/src/Performance/InnerClassCouldBeStatic.ql
ql/java/ql/src/Performance/NewStringString.ql
ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql
ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql
ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql
ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql
ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql
ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql
ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql
ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql
ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql
ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql
ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
ql/java/ql/src/Security/CWE/CWE-611/XXE.ql
ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql
ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql
ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql
ql/java/ql/src/Telemetry/ExtractorInformation.ql
ql/java/ql/src/Telemetry/SupportedExternalApis.ql
ql/java/ql/src/Telemetry/SupportedExternalSinks.ql
ql/java/ql/src/Telemetry/SupportedExternalSources.ql
ql/java/ql/src/Telemetry/SupportedExternalTaint.ql
ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql
ql/java/ql/src/Violations of Best Practice/Boxed Types/BoxedVariable.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/CreatesEmptyZip.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/DeadRefTypes.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/InterfaceCannotBeImplemented.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/UnreadLocal.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLabel.ql
ql/java/ql/src/Violations of Best Practice/Declarations/NoConstantsOnly.ql
ql/java/ql/src/Violations of Best Practice/Exception Handling/IgnoreExceptionalReturn.ql
ql/java/ql/src/Violations of Best Practice/Exception Handling/NumberFormatException.ql
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/AbstractToConcreteCollection.ql
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/ExposeRepresentation.ql
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/GetClassGetResource.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/AmbiguousOuterSuper.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingMethodNames.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverloading.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/FieldMasksSuperField.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsFieldConfusing.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/SameNameAsSuper.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToRunFinalizersOnExit.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToStringToString.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/DefaultToString.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/NextFromIterator.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/PrintLnArray.ql


@@ -0,0 +1,123 @@
ql/java/ql/src/Diagnostics/ExtractionErrors.ql
ql/java/ql/src/Diagnostics/ExtractionWarnings.ql
ql/java/ql/src/Diagnostics/SuccessfullyExtractedFiles.ql
ql/java/ql/src/Likely Bugs/Arithmetic/InformationLoss.ql
ql/java/ql/src/Likely Bugs/Concurrency/UnreleasedLock.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCode.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeJava.ql
ql/java/ql/src/Metrics/Summaries/LinesOfCodeKotlin.ql
ql/java/ql/src/Security/CWE/CWE-020/OverlyLargeRange.ql
ql/java/ql/src/Security/CWE/CWE-022/TaintedPath.ql
ql/java/ql/src/Security/CWE/CWE-022/ZipSlip.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.ql
ql/java/ql/src/Security/CWE/CWE-023/PartialPathTraversalFromRemote.ql
ql/java/ql/src/Security/CWE/CWE-074/JndiInjection.ql
ql/java/ql/src/Security/CWE/CWE-074/XsltInjection.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecRelative.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTainted.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecTaintedEnvironment.ql
ql/java/ql/src/Security/CWE/CWE-078/ExecUnescaped.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewAddJavascriptInterface.ql
ql/java/ql/src/Security/CWE/CWE-079/AndroidWebViewSettingsEnabledJavaScript.ql
ql/java/ql/src/Security/CWE/CWE-079/XSS.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlConcatenated.ql
ql/java/ql/src/Security/CWE/CWE-089/SqlTainted.ql
ql/java/ql/src/Security/CWE/CWE-090/LdapInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/ArbitraryApkInstallation.ql
ql/java/ql/src/Security/CWE/CWE-094/GroovyInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/InsecureBeanValidation.ql
ql/java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/MvelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/SpelInjection.ql
ql/java/ql/src/Security/CWE/CWE-094/TemplateInjection.ql
ql/java/ql/src/Security/CWE/CWE-1104/MavenPomDependsOnBintray.ql
ql/java/ql/src/Security/CWE/CWE-113/NettyResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-113/ResponseSplitting.ql
ql/java/ql/src/Security/CWE/CWE-117/LogInjection.ql
ql/java/ql/src/Security/CWE/CWE-1204/StaticInitializationVector.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstruction.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndex.ql
ql/java/ql/src/Security/CWE/CWE-134/ExternallyControlledFormatString.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticTainted.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticUncontrolled.ql
ql/java/ql/src/Security/CWE/CWE-190/ComparisonWithWiderType.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveNotifications.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidSensitiveTextField.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsAllowsContentAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/AndroidWebViewSettingsFileAccess.ql
ql/java/ql/src/Security/CWE/CWE-200/SpringBootActuators.ql
ql/java/ql/src/Security/CWE/CWE-200/TempDirLocalInformationDisclosure.ql
ql/java/ql/src/Security/CWE/CWE-209/SensitiveDataExposureThroughErrorMessage.ql
ql/java/ql/src/Security/CWE/CWE-209/StackTraceExposure.ql
ql/java/ql/src/Security/CWE/CWE-266/IntentUriPermissionManipulation.ql
ql/java/ql/src/Security/CWE/CWE-273/UnsafeCertTrust.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureKeys.ql
ql/java/ql/src/Security/CWE/CWE-287/AndroidInsecureLocalAuthentication.ql
ql/java/ql/src/Security/CWE/CWE-295/AndroidMissingCertificatePinning.ql
ql/java/ql/src/Security/CWE/CWE-295/ImproperWebViewCertificateValidation.ql
ql/java/ql/src/Security/CWE/CWE-295/InsecureTrustManager.ql
ql/java/ql/src/Security/CWE/CWE-297/InsecureJavaMail.ql
ql/java/ql/src/Security/CWE/CWE-297/UnsafeHostnameVerification.ql
ql/java/ql/src/Security/CWE/CWE-312/AllowBackupAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidDatabase.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageAndroidFilesystem.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageCookie.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageProperties.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageSharedPrefs.ql
ql/java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql
ql/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
ql/java/ql/src/Security/CWE/CWE-330/InsecureRandomness.ql
ql/java/ql/src/Security/CWE/CWE-335/PredictableSeed.ql
ql/java/ql/src/Security/CWE/CWE-338/JHipsterGeneratedPRNG.ql
ql/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql
ql/java/ql/src/Security/CWE/CWE-352/CsrfUnprotectedRequestType.ql
ql/java/ql/src/Security/CWE/CWE-352/SpringCSRFProtection.ql
ql/java/ql/src/Security/CWE/CWE-367/TOCTOURace.ql
ql/java/ql/src/Security/CWE/CWE-421/SocketAuthRace.ql
ql/java/ql/src/Security/CWE/CWE-441/UnsafeContentUriResolution.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjection.ql
ql/java/ql/src/Security/CWE/CWE-470/FragmentInjectionInPreferenceActivity.ql
ql/java/ql/src/Security/CWE/CWE-489/DebuggableAttributeEnabled.ql
ql/java/ql/src/Security/CWE/CWE-489/WebviewDebuggingEnabled.ql
ql/java/ql/src/Security/CWE/CWE-501/TrustBoundaryViolation.ql
ql/java/ql/src/Security/CWE/CWE-502/UnsafeDeserialization.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureBasicAuth.ql
ql/java/ql/src/Security/CWE/CWE-522/InsecureLdapAuth.ql
ql/java/ql/src/Security/CWE/CWE-524/SensitiveKeyboardCache.ql
ql/java/ql/src/Security/CWE/CWE-532/SensitiveInfoLog.ql
ql/java/ql/src/Security/CWE/CWE-552/UrlForward.ql
ql/java/ql/src/Security/CWE/CWE-601/UrlRedirect.ql
ql/java/ql/src/Security/CWE/CWE-611/XXE.ql
ql/java/ql/src/Security/CWE/CWE-614/InsecureCookie.ql
ql/java/ql/src/Security/CWE/CWE-643/XPathInjection.ql
ql/java/ql/src/Security/CWE/CWE-676/PotentiallyDangerousFunction.ql
ql/java/ql/src/Security/CWE/CWE-681/NumericCastTainted.ql
ql/java/ql/src/Security/CWE/CWE-730/PolynomialReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/ReDoS.ql
ql/java/ql/src/Security/CWE/CWE-730/RegexInjection.ql
ql/java/ql/src/Security/CWE/CWE-732/ReadingFromWorldWritableFile.ql
ql/java/ql/src/Security/CWE/CWE-749/UnsafeAndroidAccess.ql
ql/java/ql/src/Security/CWE/CWE-780/RsaWithoutOaep.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsApiCall.ql
ql/java/ql/src/Security/CWE/CWE-807/ConditionalBypass.ql
ql/java/ql/src/Security/CWE/CWE-807/TaintedPermissionsCheck.ql
ql/java/ql/src/Security/CWE/CWE-829/InsecureDependencyResolution.ql
ql/java/ql/src/Security/CWE/CWE-835/InfiniteLoop.ql
ql/java/ql/src/Security/CWE/CWE-917/OgnlInjection.ql
ql/java/ql/src/Security/CWE/CWE-918/RequestForgery.ql
ql/java/ql/src/Security/CWE/CWE-925/ImproperIntentVerification.ql
ql/java/ql/src/Security/CWE/CWE-926/ContentProviderIncompletePermissions.ql
ql/java/ql/src/Security/CWE/CWE-926/ImplicitlyExportedAndroidComponent.ql
ql/java/ql/src/Security/CWE/CWE-927/ImplicitPendingIntents.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveCommunication.ql
ql/java/ql/src/Security/CWE/CWE-927/SensitiveResultReceiver.ql
ql/java/ql/src/Security/CWE/CWE-940/AndroidIntentRedirection.ql
ql/java/ql/src/Telemetry/DatabaseQualityDiagnostics.ql
ql/java/ql/src/Telemetry/ExternalLibraryUsage.ql
ql/java/ql/src/Telemetry/ExtractorInformation.ql
ql/java/ql/src/Telemetry/SupportedExternalApis.ql
ql/java/ql/src/Telemetry/SupportedExternalSinks.ql
ql/java/ql/src/Telemetry/SupportedExternalSources.ql
ql/java/ql/src/Telemetry/SupportedExternalTaint.ql
ql/java/ql/src/Telemetry/UnsupportedExternalAPIs.ql


@@ -0,0 +1,285 @@
ql/java/ql/src/Advisory/Declarations/NonFinalImmutableField.ql
ql/java/ql/src/Advisory/Declarations/NonPrivateField.ql
ql/java/ql/src/Advisory/Documentation/MissingJavadocMethods.ql
ql/java/ql/src/Advisory/Documentation/MissingJavadocParameters.ql
ql/java/ql/src/Advisory/Documentation/MissingJavadocReturnValues.ql
ql/java/ql/src/Advisory/Documentation/MissingJavadocThrows.ql
ql/java/ql/src/Advisory/Documentation/MissingJavadocTypes.ql
ql/java/ql/src/Advisory/Java Objects/AvoidCloneMethodAccess.ql
ql/java/ql/src/Advisory/Java Objects/AvoidCloneOverride.ql
ql/java/ql/src/Advisory/Java Objects/AvoidCloneableInterface.ql
ql/java/ql/src/Advisory/Java Objects/AvoidFinalizeOverride.ql
ql/java/ql/src/Advisory/Naming/NamingConventionsConstants.ql
ql/java/ql/src/Advisory/Naming/NamingConventionsMethods.ql
ql/java/ql/src/Advisory/Naming/NamingConventionsPackages.ql
ql/java/ql/src/Advisory/Naming/NamingConventionsRefTypes.ql
ql/java/ql/src/Advisory/Naming/NamingConventionsVariables.ql
ql/java/ql/src/Advisory/Statements/MissingDefaultInSwitch.ql
ql/java/ql/src/Advisory/Statements/OneStatementPerLine.ql
ql/java/ql/src/Advisory/Statements/TerminateIfElseIfWithElse.ql
ql/java/ql/src/Advisory/Types/GenericsConstructor.ql
ql/java/ql/src/Advisory/Types/GenericsReturnType.ql
ql/java/ql/src/Advisory/Types/GenericsVariable.ql
ql/java/ql/src/AlertSuppression.ql
ql/java/ql/src/AlertSuppressionAnnotations.ql
ql/java/ql/src/Architecture/Dependencies/MutualDependency.ql
ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencyBinary.ql
ql/java/ql/src/Architecture/Dependencies/UnusedMavenDependencySource.ql
ql/java/ql/src/Architecture/Refactoring Opportunities/DeeplyNestedClass.ql
ql/java/ql/src/Architecture/Refactoring Opportunities/FeatureEnvy.ql
ql/java/ql/src/Architecture/Refactoring Opportunities/HubClasses.ql
ql/java/ql/src/Architecture/Refactoring Opportunities/InappropriateIntimacy.ql
ql/java/ql/src/Complexity/BlockWithTooManyStatements.ql
ql/java/ql/src/Complexity/ComplexCondition.ql
ql/java/ql/src/DeadCode/DeadClass.ql
ql/java/ql/src/DeadCode/DeadEnumConstant.ql
ql/java/ql/src/DeadCode/DeadField.ql
ql/java/ql/src/DeadCode/DeadMethod.ql
ql/java/ql/src/DeadCode/FLinesOfDeadCode.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbContainerInterference.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbFileIO.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbGraphics.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbNative.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbReflection.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSecurityConfiguration.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSerialization.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSetSocketOrUrlFactory.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSocketAsServer.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbStaticFieldNonFinal.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbSynchronization.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThis.ql
ql/java/ql/src/Frameworks/JavaEE/EJB/EjbThreads.ql
ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/MissingParentBean.ql
ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/TooManyBeans.ql
ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UnusedBean.ql
ql/java/ql/src/Frameworks/Spring/Architecture/Refactoring Opportunities/UselessPropertyOverride.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/AvoidAutowiring.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/DontUseConstructorArgIndex.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ImportsFirst.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/NoBeanDescription.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/ParentShouldNotUseAbstractClass.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseIdInsteadOfName.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseLocalRef.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseSetterInjection.ql
ql/java/ql/src/Frameworks/Spring/Violations of Best Practice/UseShortcutForms.ql
ql/java/ql/src/Frameworks/Spring/XML Configuration Errors/MissingSetters.ql
ql/java/ql/src/Language Abuse/CastThisToTypeParameter.ql
ql/java/ql/src/Language Abuse/DubiousDowncastOfThis.ql
ql/java/ql/src/Language Abuse/DubiousTypeTestOfThis.ql
ql/java/ql/src/Language Abuse/EmptyMethod.ql
ql/java/ql/src/Language Abuse/EmptyStatement.ql
ql/java/ql/src/Language Abuse/EnumIdentifier.ql
ql/java/ql/src/Language Abuse/ImplementsAnnotation.ql
ql/java/ql/src/Language Abuse/MissedTernaryOpportunity.ql
ql/java/ql/src/Language Abuse/UselessUpcast.ql
ql/java/ql/src/Likely Bugs/Arithmetic/BadCheckOdd.ql
ql/java/ql/src/Likely Bugs/Arithmetic/CondExprTypes.ql
ql/java/ql/src/Likely Bugs/Arithmetic/OctalLiteral.ql
ql/java/ql/src/Likely Bugs/Comparison/BitwiseSignCheck.ql
ql/java/ql/src/Likely Bugs/Comparison/DefineEqualsWhenAddingFields.ql
ql/java/ql/src/Likely Bugs/Comparison/EqualsUsesInstanceOf.ql
ql/java/ql/src/Likely Bugs/Comparison/NoAssignInBooleanExprs.ql
ql/java/ql/src/Likely Bugs/Comparison/NoComparisonOnFloats.ql
ql/java/ql/src/Likely Bugs/Comparison/ObjectComparison.ql
ql/java/ql/src/Likely Bugs/Concurrency/BusyWait.ql
ql/java/ql/src/Likely Bugs/Concurrency/EmptyRunMethodInThread.ql
ql/java/ql/src/Likely Bugs/Concurrency/InconsistentAccess.ql
ql/java/ql/src/Likely Bugs/Concurrency/LazyInitStaticField.ql
ql/java/ql/src/Likely Bugs/Concurrency/NotifyWithoutSynch.ql
ql/java/ql/src/Likely Bugs/Concurrency/PriorityCalls.ql
ql/java/ql/src/Likely Bugs/Concurrency/WaitOutsideLoop.ql
ql/java/ql/src/Likely Bugs/Concurrency/WaitWithTwoLocks.ql
ql/java/ql/src/Likely Bugs/Concurrency/YieldCalls.ql
ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TearDownNoSuper.ql
ql/java/ql/src/Likely Bugs/Frameworks/JUnit/TestCaseNoTests.ql
ql/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql
ql/java/ql/src/Likely Bugs/I18N/MissingLocaleArgument.ql
ql/java/ql/src/Likely Bugs/Likely Typos/ConstructorTypo.ql
ql/java/ql/src/Likely Bugs/Likely Typos/NestedLoopsSameVariable.ql
ql/java/ql/src/Likely Bugs/Serialization/NonSerializableComparator.ql
ql/java/ql/src/Likely Bugs/Serialization/NonSerializableField.ql
ql/java/ql/src/Likely Bugs/Serialization/TransientNotSerializable.ql
ql/java/ql/src/Likely Bugs/Statements/EmptyBlock.ql
ql/java/ql/src/Likely Bugs/Statements/EmptySynchronizedBlock.ql
ql/java/ql/src/Likely Bugs/Statements/ImpossibleCast.ql
ql/java/ql/src/Likely Bugs/Statements/InconsistentCallOnResult.ql
ql/java/ql/src/Likely Bugs/Statements/ReturnValueIgnored.ql
ql/java/ql/src/Likely Bugs/Statements/StaticFieldWrittenByInstance.ql
ql/java/ql/src/Metrics/Authors/AuthorsPerFile.ql
ql/java/ql/src/Metrics/Callables/CCyclomaticComplexity.ql
ql/java/ql/src/Metrics/Callables/CLinesOfCode.ql
ql/java/ql/src/Metrics/Callables/CLinesOfComment.ql
ql/java/ql/src/Metrics/Callables/CNumberOfCalls.ql
ql/java/ql/src/Metrics/Callables/CNumberOfParameters.ql
ql/java/ql/src/Metrics/Callables/CNumberOfStatements.ql
ql/java/ql/src/Metrics/Callables/StatementNestingDepth.ql
ql/java/ql/src/Metrics/Dependencies/ExternalDependencies.ql
ql/java/ql/src/Metrics/Dependencies/ExternalDependenciesSourceLinks.ql
ql/java/ql/src/Metrics/Files/FAfferentCoupling.ql
ql/java/ql/src/Metrics/Files/FCommentRatio.ql
ql/java/ql/src/Metrics/Files/FCyclomaticComplexity.ql
ql/java/ql/src/Metrics/Files/FEfferentCoupling.ql
ql/java/ql/src/Metrics/Files/FLines.ql
ql/java/ql/src/Metrics/Files/FLinesOfCode.ql
ql/java/ql/src/Metrics/Files/FLinesOfComment.ql
ql/java/ql/src/Metrics/Files/FLinesOfCommentedCode.ql
ql/java/ql/src/Metrics/Files/FLinesOfDuplicatedCode.ql
ql/java/ql/src/Metrics/Files/FLinesOfSimilarCode.ql
ql/java/ql/src/Metrics/Files/FNumberOfClasses.ql
ql/java/ql/src/Metrics/Files/FNumberOfInterfaces.ql
ql/java/ql/src/Metrics/Files/FNumberOfTests.ql
ql/java/ql/src/Metrics/Files/FSelfContainedness.ql
ql/java/ql/src/Metrics/RefTypes/TAfferentCoupling.ql
ql/java/ql/src/Metrics/RefTypes/TEfferentCoupling.ql
ql/java/ql/src/Metrics/RefTypes/TEfferentSourceCoupling.ql
ql/java/ql/src/Metrics/RefTypes/TInheritanceDepth.ql
ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionCK.ql
ql/java/ql/src/Metrics/RefTypes/TLackOfCohesionHS.ql
ql/java/ql/src/Metrics/RefTypes/TLinesOfCode.ql
ql/java/ql/src/Metrics/RefTypes/TLinesOfComment.ql
ql/java/ql/src/Metrics/RefTypes/TNumberOfCallables.ql
ql/java/ql/src/Metrics/RefTypes/TNumberOfFields.ql
ql/java/ql/src/Metrics/RefTypes/TNumberOfStatements.ql
ql/java/ql/src/Metrics/RefTypes/TPercentageOfComments.ql
ql/java/ql/src/Metrics/RefTypes/TPercentageOfComplexCode.ql
ql/java/ql/src/Metrics/RefTypes/TResponse.ql
ql/java/ql/src/Metrics/RefTypes/TSelfContainedness.ql
ql/java/ql/src/Metrics/RefTypes/TSizeOfAPI.ql
ql/java/ql/src/Metrics/RefTypes/TSpecialisationIndex.ql
ql/java/ql/src/Metrics/Summaries/FrameworkCoverage.ql
ql/java/ql/src/Metrics/Summaries/GeneratedVsManualCoverage.ql
ql/java/ql/src/Performance/ConcatenationInLoops.ql
ql/java/ql/src/Security/CWE/CWE-020/ExternalAPIsUsedWithUntrustedData.ql
ql/java/ql/src/Security/CWE/CWE-020/UntrustedDataToExternalAPI.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayConstructionCodeSpecified.ql
ql/java/ql/src/Security/CWE/CWE-129/ImproperValidationOfArrayIndexCodeSpecified.ql
ql/java/ql/src/Security/CWE/CWE-190/ArithmeticWithExtremeValues.ql
ql/java/ql/src/Security/CWE/CWE-312/CleartextStorageClass.ql
ql/java/ql/src/Security/CWE/CWE-319/HttpsUrls.ql
ql/java/ql/src/Security/CWE/CWE-319/UseSSL.ql
ql/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsComparison.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedCredentialsSourceCall.ql
ql/java/ql/src/Security/CWE/CWE-798/HardcodedPasswordField.ql
ql/java/ql/src/Security/CWE/CWE-833/LockOrderInconsistency.ql
ql/java/ql/src/Violations of Best Practice/Boolean Logic/SimplifyBoolExpr.ql
ql/java/ql/src/Violations of Best Practice/Comments/CommentedCode.ql
ql/java/ql/src/Violations of Best Practice/Comments/TodoComments.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/AssignmentInReturn.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocal.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/DeadStoreOfLocalUnread.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/EmptyFinalize.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/FinalizerNullsFields.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/LocalInitialisedButNotUsed.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/LocalNotRead.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/NonAssignedFields.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/PointlessForwardingMethod.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedField.ql
ql/java/ql/src/Violations of Best Practice/Dead Code/UnusedLocal.ql
ql/java/ql/src/Violations of Best Practice/Declarations/BreakInSwitchCase.ql
ql/java/ql/src/Violations of Best Practice/Declarations/MakeImportsExplicit.ql
ql/java/ql/src/Violations of Best Practice/Exception Handling/DroppedExceptions.ql
ql/java/ql/src/Violations of Best Practice/Exception Handling/ExceptionCatch.ql
ql/java/ql/src/Violations of Best Practice/Implementation Hiding/StaticArray.ql
ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsNumbers.ql
ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicConstantsString.ql
ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicNumbersUseConstant.ql
ql/java/ql/src/Violations of Best Practice/Magic Constants/MagicStringsUseConstant.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/ConfusingOverridesNames.ql
ql/java/ql/src/Violations of Best Practice/Naming Conventions/LocalShadowsField.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/CallsToSystemExit.ql
ql/java/ql/src/Violations of Best Practice/Undesirable Calls/GarbageCollection.ql
ql/java/ql/src/Violations of Best Practice/legacy/AutoBoxing.ql
ql/java/ql/src/Violations of Best Practice/legacy/FinallyMayNotComplete.ql
ql/java/ql/src/Violations of Best Practice/legacy/InexactVarArg.ql
ql/java/ql/src/Violations of Best Practice/legacy/ParameterAssignment.ql
ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryCast.ql
ql/java/ql/src/Violations of Best Practice/legacy/UnnecessaryImport.ql
ql/java/ql/src/definitions.ql
ql/java/ql/src/experimental/Security/CWE/CWE-016/InsecureSpringActuatorConfig.ql
ql/java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql
ql/java/ql/src/experimental/Security/CWE/CWE-073/FilePathInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExec.ql
ql/java/ql/src/experimental/Security/CWE/CWE-078/CommandInjectionRuntimeExecLocal.ql
ql/java/ql/src/experimental/Security/CWE/CWE-078/ExecTainted.ql
ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisAnnotationSqlInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-089/MyBatisMapperXmlSqlInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/BeanShellInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/InsecureDexLoading.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/JShellInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/JythonInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringImplicitViewManipulation.ql
ql/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulation.ql
ql/java/ql/src/experimental/Security/CWE/CWE-1004/InsecureTomcatConfig.ql
ql/java/ql/src/experimental/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
ql/java/ql/src/experimental/Security/CWE/CWE-200/InsecureWebResourceResponse.ql
ql/java/ql/src/experimental/Security/CWE/CWE-200/SensitiveAndroidFileLeak.ql
ql/java/ql/src/experimental/Security/CWE/CWE-208/PossibleTimingAttackAgainstSignature.ql
ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.ql
ql/java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstSignature.ql
ql/java/ql/src/experimental/Security/CWE/CWE-295/JxBrowserWithoutCertValidation.ql
ql/java/ql/src/experimental/Security/CWE/CWE-297/IgnoredHostnameVerification.ql
ql/java/ql/src/experimental/Security/CWE/CWE-297/InsecureLdapEndpoint.ql
ql/java/ql/src/experimental/Security/CWE/CWE-299/DisabledRevocationChecking.ql
ql/java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql
ql/java/ql/src/experimental/Security/CWE/CWE-327/UnsafeTlsVersion.ql
ql/java/ql/src/experimental/Security/CWE/CWE-346/UnvalidatedCors.ql
ql/java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.ql
ql/java/ql/src/experimental/Security/CWE/CWE-348/ClientSuppliedIpUsedInSecurityCheck.ql
ql/java/ql/src/experimental/Security/CWE/CWE-352/JsonpInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
ql/java/ql/src/experimental/Security/CWE/CWE-400/ThreadResourceAbuse.ql
ql/java/ql/src/experimental/Security/CWE/CWE-470/LoadClassNoSignatureCheck.ql
ql/java/ql/src/experimental/Security/CWE/CWE-470/UnsafeReflection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-489/EJBMain.ql
ql/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql
ql/java/ql/src/experimental/Security/CWE/CWE-489/devMode.ql
ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeDeserializationRmi.ql
ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInConfigurationClass.ql
ql/java/ql/src/experimental/Security/CWE/CWE-502/UnsafeSpringExporterInXMLConfiguration.ql
ql/java/ql/src/experimental/Security/CWE/CWE-522-DecompressionBombs/DecompressionBomb.ql
ql/java/ql/src/experimental/Security/CWE/CWE-548/InsecureDirectoryConfig.ql
ql/java/ql/src/experimental/Security/CWE/CWE-555/CredentialsInPropertiesFile.ql
ql/java/ql/src/experimental/Security/CWE/CWE-555/PasswordInConfigurationFile.ql
ql/java/ql/src/experimental/Security/CWE/CWE-598/SensitiveGetQuery.ql
ql/java/ql/src/experimental/Security/CWE/CWE-600/UncaughtServletException.ql
ql/java/ql/src/experimental/Security/CWE/CWE-601/SpringUrlRedirect.ql
ql/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegex.ql
ql/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjection.ql
ql/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
ql/java/ql/src/experimental/Security/CWE/CWE-755/NFEAndroidDoS.ql
ql/java/ql/src/experimental/Security/CWE/CWE-759/HashWithoutSalt.ql
ql/java/ql/src/experimental/Security/CWE/CWE-939/IncorrectURLVerification.ql
ql/java/ql/src/external/DuplicateAnonymous.ql
ql/java/ql/src/external/DuplicateBlock.ql
ql/java/ql/src/external/DuplicateMethod.ql
ql/java/ql/src/external/MostlyDuplicateClass.ql
ql/java/ql/src/external/MostlyDuplicateFile.ql
ql/java/ql/src/external/MostlyDuplicateMethod.ql
ql/java/ql/src/external/MostlySimilarFile.ql
ql/java/ql/src/filters/ClassifyFiles.ql
ql/java/ql/src/meta/frameworks/Coverage.ql
ql/java/ql/src/meta/ssa/AmbiguousToString.ql
ql/java/ql/src/meta/ssa/TooFewPhiInputs.ql
ql/java/ql/src/meta/ssa/UncertainDefWithoutPrior.ql
ql/java/ql/src/meta/ssa/UseWithoutUniqueSsaVariable.ql
ql/java/ql/src/utils/modelconverter/ExtractNeutrals.ql
ql/java/ql/src/utils/modelconverter/ExtractSinks.ql
ql/java/ql/src/utils/modelconverter/ExtractSources.ql
ql/java/ql/src/utils/modelconverter/ExtractSummaries.ql
ql/java/ql/src/utils/modeleditor/ApplicationModeEndpoints.ql
ql/java/ql/src/utils/modeleditor/FrameworkModeEndpoints.ql
ql/java/ql/src/utils/modelgenerator/CaptureContentSummaryModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureMixedNeutralModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureMixedSummaryModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureNeutralModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureSinkModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureSourceModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureSummaryModels.ql
ql/java/ql/src/utils/modelgenerator/CaptureTypeBasedSummaryModels.ql
ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPartialPath.ql
ql/java/ql/src/utils/modelgenerator/debug/CaptureSummaryModelsPath.ql
ql/java/ql/src/utils/stub-generator/MinimalStubsFromSource.ql


@@ -0,0 +1,29 @@
import os
import runs_on
import pytest
well_known_query_suites = ['java-code-quality.qls', 'java-security-and-quality.qls', 'java-security-extended.qls', 'java-code-scanning.qls']
@runs_on.posix
@pytest.mark.parametrize("query_suite", well_known_query_suites)
def test(codeql, java, cwd, expected_files, semmle_code_dir, query_suite):
actual = codeql.resolve.queries(query_suite, _capture=True).strip()
actual = sorted(actual.splitlines())
actual = [os.path.relpath(q, semmle_code_dir) for q in actual]
actual_file_name = query_suite + '.actual'
expected_files.add(actual_file_name)
(cwd / actual_file_name).write_text('\n'.join(actual)+'\n')
@runs_on.posix
def test_not_included_queries(codeql, java, cwd, expected_files, semmle_code_dir):
all_queries = codeql.resolve.queries(semmle_code_dir / 'ql' / 'java' / 'ql' / 'src', _capture=True).strip().splitlines()
included_in_qls = set()
for query_suite in well_known_query_suites:
included_in_qls |= set(codeql.resolve.queries(query_suite, _capture=True).strip().splitlines())
not_included = sorted(set(all_queries) - included_in_qls)
not_included = [os.path.relpath(q, semmle_code_dir) for q in not_included]
not_included_file_name = 'not_included_in_qls.actual'
expected_files.add(not_included_file_name)
(cwd / not_included_file_name).write_text('\n'.join(not_included)+'\n')
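Review bot: Neither `test` nor `test_not_included_queries` contains an assertion: each writes a `.actual` file and registers it with `expected_files.add(...)`, so the comparison presumably happens in that fixture, and nothing in the file says so. A docstring on each, for example `"""Write the queries resolved for query_suite; the expected_files fixture compares the result with the checked-in expected file."""`, would make the pass/fail condition visible. A comment above `well_known_query_suites` could also state that a query listed in `not_included_in_qls` runs in none of these four suites; the 285-line list added just above on this page looks like that expected file and contains `Security/CWE` entries, so changes to it deserve a deliberate review rather than a routine re-accept.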


@@ -1,3 +1,10 @@
## 7.1.3
### Minor Analysis Improvements
* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.
## 7.1.2
### Minor Analysis Improvements


@@ -0,0 +1,6 @@
## 7.1.3
### Minor Analysis Improvements
* Enum-typed values are now assumed to be safe by most queries. This means that queries may return fewer results where an enum value is used in a sensitive context, e.g. pasted into a query string.
* All existing modelling and support for `javax.persistence` now applies to `jakarta.persistence` as well.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 7.1.2
lastReleaseVersion: 7.1.3


@@ -1,5 +1,5 @@
name: codeql/java-all
version: 7.1.2
version: 7.1.3
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java


@@ -161,10 +161,10 @@ class JpaReadField extends ReflectivelyReadField {
this = entity.getAField() and
(
entity.getAccessType() = "field" or
this.hasAnnotation("javax.persistence", "Access")
this.hasAnnotation(getAPersistencePackageName(), "Access")
)
|
not this.hasAnnotation("javax.persistence", "Transient") and
not this.hasAnnotation(getAPersistencePackageName(), "Transient") and
not this.isStatic() and
not this.isFinal()
)
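Review bot: The `not this.hasAnnotation(getAPersistencePackageName(), "Transient")` line now negates a call whose first argument has two values, and a reader may not know whether that excludes a field carrying either package's `@Transient` or only one carrying both. As far as QL's treatment of `not` over a multi-valued expression goes, it is the former, which matches the intent of the change; a short comment such as `// excluded if annotated @Transient from either javax.persistence or jakarta.persistence` would spare the next reader the lookup. The same reading applies to the `"Access"` check in `PersistencePropertyMethod` in the next file section. The characteristic predicate of `JpaReadField` starts outside this hunk.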


@@ -7,6 +7,7 @@ import semmle.code.java.deadcode.StrutsEntryPoints
import semmle.code.java.deadcode.TestEntryPoints
import semmle.code.java.deadcode.WebEntryPoints
import semmle.code.java.frameworks.javaee.JavaServerFaces
import semmle.code.java.frameworks.javaee.Persistence
import semmle.code.java.frameworks.JAXB
import semmle.code.java.frameworks.JaxWS
import semmle.code.java.JMX
@@ -395,7 +396,7 @@ class PersistencePropertyMethod extends CallableEntryPoint {
this = e.getACallable() and
(
e.getAccessType() = "property" or
this.hasAnnotation("javax.persistence", "Access")
this.hasAnnotation(getAPersistencePackageName(), "Access")
) and
(
this.getName().matches("get%") or


@@ -4,6 +4,11 @@
import java
/**
* Gets a JavaEE Persistence API package name.
*/
string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] }
/**
* A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA
* compatible framework.
@@ -27,13 +32,13 @@ class PersistentEntity extends RefType {
else
// If the access type is not explicit, then the location of the `Id` annotation determines
// which access type is used.
if this.getAMethod().hasAnnotation("javax.persistence", "Id")
if this.getAMethod().hasAnnotation(getAPersistencePackageName(), "Id")
then result = "property"
else result = "field"
}
/**
* Gets the access type for this entity as defined by a `@javax.persistence.Access` annotation,
* Gets the access type for this entity as defined by a `@{javax,jakarta}.persistence.Access` annotation,
* if any, in lower case.
*/
string getAccessTypeFromAnnotation() {
@@ -44,617 +49,673 @@ class PersistentEntity extends RefType {
}
/*
* Annotations in the `javax.persistence` package.
* Annotations in the `{javax,jakarta}.persistence` package.
*/
/**
* A `@javax.persistence.Access` annotation.
* A `@{javax,jakarta}.persistence.Access` annotation.
*/
class AccessAnnotation extends Annotation {
AccessAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Access") }
AccessAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Access") }
}
/**
* A `@javax.persistence.AccessType` annotation.
* A `@{javax,jakarta}.persistence.AccessType` annotation.
*/
class AccessTypeAnnotation extends Annotation {
AccessTypeAnnotation() { this.getType().hasQualifiedName("javax.persistence", "AccessType") }
AccessTypeAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "AccessType")
}
}
/**
* A `@javax.persistence.AssociationOverride` annotation.
* A `@{javax,jakarta}.persistence.AssociationOverride` annotation.
*/
class AssociationOverrideAnnotation extends Annotation {
AssociationOverrideAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "AssociationOverride")
this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverride")
}
}
/**
* A `@javax.persistence.AssociationOverrides` annotation.
* A `@{javax,jakarta}.persistence.AssociationOverrides` annotation.
*/
class AssociationOverridesAnnotation extends Annotation {
AssociationOverridesAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "AssociationOverrides")
this.getType().hasQualifiedName(getAPersistencePackageName(), "AssociationOverrides")
}
}
/**
* A `@javax.persistence.AttributeOverride` annotation.
* A `@{javax,jakarta}.persistence.AttributeOverride` annotation.
*/
class AttributeOverrideAnnotation extends Annotation {
AttributeOverrideAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "AttributeOverride")
this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverride")
}
}
/**
* A `@javax.persistence.AttributeOverrides` annotation.
* A `@{javax,jakarta}.persistence.AttributeOverrides` annotation.
*/
class AttributeOverridesAnnotation extends Annotation {
AttributeOverridesAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "AttributeOverrides")
this.getType().hasQualifiedName(getAPersistencePackageName(), "AttributeOverrides")
}
}
/**
* A `@javax.persistence.Basic` annotation.
* A `@{javax,jakarta}.persistence.Basic` annotation.
*/
class BasicAnnotation extends Annotation {
BasicAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Basic") }
BasicAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Basic") }
}
/**
* A `@javax.persistence.Cacheable` annotation.
* A `@{javax,jakarta}.persistence.Cacheable` annotation.
*/
class CacheableAnnotation extends Annotation {
CacheableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Cacheable") }
CacheableAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "Cacheable")
}
}
/**
* A `@javax.persistence.CollectionTable` annotation.
* A `@{javax,jakarta}.persistence.CollectionTable` annotation.
*/
class CollectionTableAnnotation extends Annotation {
CollectionTableAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "CollectionTable")
this.getType().hasQualifiedName(getAPersistencePackageName(), "CollectionTable")
}
}
/**
* A `@javax.persistence.Column` annotation.
* A `@{javax,jakarta}.persistence.Column` annotation.
*/
class ColumnAnnotation extends Annotation {
ColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Column") }
ColumnAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Column") }
}
/**
* A `@javax.persistence.ColumnResult` annotation.
* A `@{javax,jakarta}.persistence.ColumnResult` annotation.
*/
class ColumnResultAnnotation extends Annotation {
ColumnResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ColumnResult") }
ColumnResultAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "ColumnResult")
}
}
/**
* A `@javax.persistence.DiscriminatorColumn` annotation.
* A `@{javax,jakarta}.persistence.DiscriminatorColumn` annotation.
*/
class DiscriminatorColumnAnnotation extends Annotation {
DiscriminatorColumnAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "DiscriminatorColumn")
this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorColumn")
}
}
/**
* A `@javax.persistence.DiscriminatorValue` annotation.
* A `@{javax,jakarta}.persistence.DiscriminatorValue` annotation.
*/
class DiscriminatorValueAnnotation extends Annotation {
DiscriminatorValueAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "DiscriminatorValue")
this.getType().hasQualifiedName(getAPersistencePackageName(), "DiscriminatorValue")
}
}
/**
* A `@javax.persistence.ElementCollection` annotation.
* A `@{javax,jakarta}.persistence.ElementCollection` annotation.
*/
class ElementCollectionAnnotation extends Annotation {
ElementCollectionAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "ElementCollection")
this.getType().hasQualifiedName(getAPersistencePackageName(), "ElementCollection")
}
}
/**
* A `@javax.persistence.Embeddable` annotation.
* A `@{javax,jakarta}.persistence.Embeddable` annotation.
*/
class EmbeddableAnnotation extends Annotation {
EmbeddableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embeddable") }
EmbeddableAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "Embeddable")
}
}
/**
* A `@javax.persistence.Embedded` annotation.
* A `@{javax,jakarta}.persistence.Embedded` annotation.
*/
class EmbeddedAnnotation extends Annotation {
EmbeddedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Embedded") }
EmbeddedAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Embedded") }
}
/**
* A `@javax.persistence.EmbeddedId` annotation.
* A `@{javax,jakarta}.persistence.EmbeddedId` annotation.
*/
class EmbeddedIdAnnotation extends Annotation {
EmbeddedIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EmbeddedId") }
EmbeddedIdAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "EmbeddedId")
}
}
/**
* A `@javax.persistence.Entity` annotation.
* A `@{javax,jakarta}.persistence.Entity` annotation.
*/
class EntityAnnotation extends Annotation {
EntityAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Entity") }
EntityAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Entity") }
}
/**
* A `@javax.persistence.EntityListeners` annotation.
* A `@{javax,jakarta}.persistence.EntityListeners` annotation.
*/
class EntityListenersAnnotation extends Annotation {
EntityListenersAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "EntityListeners")
this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityListeners")
}
}
/**
* A `@javax.persistence.EntityResult` annotation.
* A `@{javax,jakarta}.persistence.EntityResult` annotation.
*/
class EntityResultAnnotation extends Annotation {
EntityResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "EntityResult") }
EntityResultAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "EntityResult")
}
}
/**
* A `@javax.persistence.Enumerated` annotation.
* A `@{javax,jakarta}.persistence.Enumerated` annotation.
*/
class EnumeratedAnnotation extends Annotation {
EnumeratedAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Enumerated") }
EnumeratedAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "Enumerated")
}
}
/**
* A `@javax.persistence.ExcludeDefaultListeners` annotation.
* A `@{javax,jakarta}.persistence.ExcludeDefaultListeners` annotation.
*/
class ExcludeDefaultListenersAnnotation extends Annotation {
ExcludeDefaultListenersAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "ExcludeDefaultListeners")
this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeDefaultListeners")
}
}
/**
* A `@javax.persistence.ExcludeSuperclassListeners` annotation.
* A `@{javax,jakarta}.persistence.ExcludeSuperclassListeners` annotation.
*/
class ExcludeSuperclassListenersAnnotation extends Annotation {
ExcludeSuperclassListenersAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "ExcludeSuperclassListeners")
this.getType().hasQualifiedName(getAPersistencePackageName(), "ExcludeSuperclassListeners")
}
}
/**
* A `@javax.persistence.FieldResult` annotation.
* A `@{javax,jakarta}.persistence.FieldResult` annotation.
*/
class FieldResultAnnotation extends Annotation {
FieldResultAnnotation() { this.getType().hasQualifiedName("javax.persistence", "FieldResult") }
FieldResultAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "FieldResult")
}
}
/**
* A `@javax.persistence.GeneratedValue` annotation.
* A `@{javax,jakarta}.persistence.GeneratedValue` annotation.
*/
class GeneratedValueAnnotation extends Annotation {
GeneratedValueAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "GeneratedValue")
this.getType().hasQualifiedName(getAPersistencePackageName(), "GeneratedValue")
}
}
/**
* A `@javax.persistence.Id` annotation.
* A `@{javax,jakarta}.persistence.Id` annotation.
*/
class IdAnnotation extends Annotation {
IdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Id") }
IdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Id") }
}
/**
* A `@javax.persistence.IdClass` annotation.
* A `@{javax,jakarta}.persistence.IdClass` annotation.
*/
class IdClassAnnotation extends Annotation {
IdClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "IdClass") }
IdClassAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "IdClass") }
}
/**
* A `@javax.persistence.Inheritance` annotation.
* A `@{javax,jakarta}.persistence.Inheritance` annotation.
*/
class InheritanceAnnotation extends Annotation {
InheritanceAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Inheritance") }
InheritanceAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "Inheritance")
}
}
/**
* A `@javax.persistence.JoinColumn` annotation.
* A `@{javax,jakarta}.persistence.JoinColumn` annotation.
*/
class JoinColumnAnnotation extends Annotation {
JoinColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumn") }
JoinColumnAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumn")
}
}
/**
* A `@javax.persistence.JoinColumns` annotation.
* A `@{javax,jakarta}.persistence.JoinColumns` annotation.
*/
class JoinColumnsAnnotation extends Annotation {
JoinColumnsAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinColumns") }
JoinColumnsAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinColumns")
}
}
/**
* A `@javax.persistence.JoinTable` annotation.
* A `@{javax,jakarta}.persistence.JoinTable` annotation.
*/
class JoinTableAnnotation extends Annotation {
JoinTableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "JoinTable") }
JoinTableAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "JoinTable")
}
}
/**
* A `@javax.persistence.Lob` annotation.
* A `@{javax,jakarta}.persistence.Lob` annotation.
*/
class LobAnnotation extends Annotation {
LobAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Lob") }
LobAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Lob") }
}
/**
* A `@javax.persistence.ManyToMany` annotation.
* A `@{javax,jakarta}.persistence.ManyToMany` annotation.
*/
class ManyToManyAnnotation extends Annotation {
ManyToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToMany") }
ManyToManyAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToMany")
}
}
/**
* A `@javax.persistence.ManyToOne` annotation.
* A `@{javax,jakarta}.persistence.ManyToOne` annotation.
*/
class ManyToOneAnnotation extends Annotation {
ManyToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "ManyToOne") }
ManyToOneAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "ManyToOne")
}
}
/**
* A `@javax.persistence.MapKey` annotation.
* A `@{javax,jakarta}.persistence.MapKey` annotation.
*/
class MapKeyAnnotation extends Annotation {
MapKeyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKey") }
MapKeyAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKey") }
}
/**
* A `@javax.persistence.MapKeyClass` annotation.
* A `@{javax,jakarta}.persistence.MapKeyClass` annotation.
*/
class MapKeyClassAnnotation extends Annotation {
MapKeyClassAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyClass") }
MapKeyClassAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyClass")
}
}
/**
* A `@javax.persistence.MapKeyColumn` annotation.
* A `@{javax,jakarta}.persistence.MapKeyColumn` annotation.
*/
class MapKeyColumnAnnotation extends Annotation {
MapKeyColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapKeyColumn") }
MapKeyColumnAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyColumn")
}
}
/**
* A `@javax.persistence.MapKeyEnumerated` annotation.
* A `@{javax,jakarta}.persistence.MapKeyEnumerated` annotation.
*/
class MapKeyEnumeratedAnnotation extends Annotation {
MapKeyEnumeratedAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "MapKeyEnumerated")
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyEnumerated")
}
}
/**
* A `@javax.persistence.MapKeyJoinColumn` annotation.
* A `@{javax,jakarta}.persistence.MapKeyJoinColumn` annotation.
*/
class MapKeyJoinColumnAnnotation extends Annotation {
MapKeyJoinColumnAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumn")
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumn")
}
}
/**
* A `@javax.persistence.MapKeyJoinColumns` annotation.
* A `@{javax,jakarta}.persistence.MapKeyJoinColumns` annotation.
*/
class MapKeyJoinColumnsAnnotation extends Annotation {
MapKeyJoinColumnsAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "MapKeyJoinColumns")
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyJoinColumns")
}
}
/**
* A `@javax.persistence.MapKeyTemporal` annotation.
* A `@{javax,jakarta}.persistence.MapKeyTemporal` annotation.
*/
class MapKeyTemporalAnnotation extends Annotation {
MapKeyTemporalAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "MapKeyTemporal")
this.getType().hasQualifiedName(getAPersistencePackageName(), "MapKeyTemporal")
}
}
/**
* A `@javax.persistence.MappedSuperclass` annotation.
* A `@{javax,jakarta}.persistence.MappedSuperclass` annotation.
*/
class MappedSuperclassAnnotation extends Annotation {
MappedSuperclassAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "MappedSuperclass")
this.getType().hasQualifiedName(getAPersistencePackageName(), "MappedSuperclass")
}
}
/**
* A `@javax.persistence.MapsId` annotation.
* A `@{javax,jakarta}.persistence.MapsId` annotation.
*/
class MapsIdAnnotation extends Annotation {
MapsIdAnnotation() { this.getType().hasQualifiedName("javax.persistence", "MapsId") }
MapsIdAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "MapsId") }
}
/**
* A `@javax.persistence.NamedNativeQueries` annotation.
* A `@{javax,jakarta}.persistence.NamedNativeQueries` annotation.
*/
class NamedNativeQueriesAnnotation extends Annotation {
NamedNativeQueriesAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "NamedNativeQueries")
this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQueries")
}
}
/**
* A `@javax.persistence.NamedNativeQuery` annotation.
* A `@{javax,jakarta}.persistence.NamedNativeQuery` annotation.
*/
class NamedNativeQueryAnnotation extends Annotation {
NamedNativeQueryAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "NamedNativeQuery")
this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedNativeQuery")
}
}
/**
* A `@javax.persistence.NamedQueries` annotation.
* A `@{javax,jakarta}.persistence.NamedQueries` annotation.
*/
class NamedQueriesAnnotation extends Annotation {
NamedQueriesAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQueries") }
NamedQueriesAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQueries")
}
}
/**
* A `@javax.persistence.NamedQuery` annotation.
* A `@{javax,jakarta}.persistence.NamedQuery` annotation.
*/
class NamedQueryAnnotation extends Annotation {
NamedQueryAnnotation() { this.getType().hasQualifiedName("javax.persistence", "NamedQuery") }
NamedQueryAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "NamedQuery")
}
}
/**
* A `@javax.persistence.OneToMany` annotation.
* A `@{javax,jakarta}.persistence.OneToMany` annotation.
*/
class OneToManyAnnotation extends Annotation {
OneToManyAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToMany") }
OneToManyAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToMany")
}
}
/**
* A `@javax.persistence.OneToOne` annotation.
* A `@{javax,jakarta}.persistence.OneToOne` annotation.
*/
class OneToOneAnnotation extends Annotation {
OneToOneAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OneToOne") }
OneToOneAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OneToOne") }
}
/**
* A `@javax.persistence.OrderBy` annotation.
* A `@{javax,jakarta}.persistence.OrderBy` annotation.
*/
class OrderByAnnotation extends Annotation {
OrderByAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderBy") }
OrderByAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderBy") }
}
/**
* A `@javax.persistence.OrderColumn` annotation.
* A `@{javax,jakarta}.persistence.OrderColumn` annotation.
*/
class OrderColumnAnnotation extends Annotation {
OrderColumnAnnotation() { this.getType().hasQualifiedName("javax.persistence", "OrderColumn") }
OrderColumnAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "OrderColumn")
}
}
/**
* A `@javax.persistence.PersistenceContext` annotation.
* A `@{javax,jakarta}.persistence.PersistenceContext` annotation.
*/
class PersistenceContextAnnotation extends Annotation {
PersistenceContextAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PersistenceContext")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContext")
}
}
/**
* A `@javax.persistence.PersistenceContexts` annotation.
* A `@{javax,jakarta}.persistence.PersistenceContexts` annotation.
*/
class PersistenceContextsAnnotation extends Annotation {
PersistenceContextsAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PersistenceContexts")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceContexts")
}
}
/**
* A `@javax.persistence.PersistenceProperty` annotation.
* A `@{javax,jakarta}.persistence.PersistenceProperty` annotation.
*/
class PersistencePropertyAnnotation extends Annotation {
PersistencePropertyAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PersistenceProperty")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceProperty")
}
}
/**
* A `@javax.persistence.PersistenceUnit` annotation.
* A `@{javax,jakarta}.persistence.PersistenceUnit` annotation.
*/
class PersistenceUnitAnnotation extends Annotation {
PersistenceUnitAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PersistenceUnit")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnit")
}
}
/**
* A `@javax.persistence.PersistenceUnits` annotation.
* A `@{javax,jakarta}.persistence.PersistenceUnits` annotation.
*/
class PersistenceUnitsAnnotation extends Annotation {
PersistenceUnitsAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PersistenceUnits")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PersistenceUnits")
}
}
/**
* A `@javax.persistence.PostLoad` annotation.
* A `@{javax,jakarta}.persistence.PostLoad` annotation.
*/
class PostLoadAnnotation extends Annotation {
PostLoadAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostLoad") }
PostLoadAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "PostLoad") }
}
/**
* A `@javax.persistence.PostPersist` annotation.
* A `@{javax,jakarta}.persistence.PostPersist` annotation.
*/
class PostPersistAnnotation extends Annotation {
PostPersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostPersist") }
PostPersistAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PostPersist")
}
}
/**
* A `@javax.persistence.PostRemove` annotation.
* A `@{javax,jakarta}.persistence.PostRemove` annotation.
*/
class PostRemoveAnnotation extends Annotation {
PostRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostRemove") }
PostRemoveAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PostRemove")
}
}
/**
* A `@javax.persistence.PostUpdate` annotation.
* A `@{javax,jakarta}.persistence.PostUpdate` annotation.
*/
class PostUpdateAnnotation extends Annotation {
PostUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PostUpdate") }
PostUpdateAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PostUpdate")
}
}
/**
* A `@javax.persistence.PrePersist` annotation.
* A `@{javax,jakarta}.persistence.PrePersist` annotation.
*/
class PrePersistAnnotation extends Annotation {
PrePersistAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PrePersist") }
PrePersistAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PrePersist")
}
}
/**
* A `@javax.persistence.PreRemove` annotation.
* A `@{javax,jakarta}.persistence.PreRemove` annotation.
*/
class PreRemoveAnnotation extends Annotation {
PreRemoveAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreRemove") }
PreRemoveAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PreRemove")
}
}
/**
* A `@javax.persistence.PreUpdate` annotation.
* A `@{javax,jakarta}.persistence.PreUpdate` annotation.
*/
class PreUpdateAnnotation extends Annotation {
PreUpdateAnnotation() { this.getType().hasQualifiedName("javax.persistence", "PreUpdate") }
PreUpdateAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "PreUpdate")
}
}
/**
* A `@javax.persistence.PrimaryKeyJoinColumn` annotation.
* A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumn` annotation.
*/
class PrimaryKeyJoinColumnAnnotation extends Annotation {
PrimaryKeyJoinColumnAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumn")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumn")
}
}
/**
* A `@javax.persistence.PrimaryKeyJoinColumns` annotation.
* A `@{javax,jakarta}.persistence.PrimaryKeyJoinColumns` annotation.
*/
class PrimaryKeyJoinColumnsAnnotation extends Annotation {
PrimaryKeyJoinColumnsAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "PrimaryKeyJoinColumns")
this.getType().hasQualifiedName(getAPersistencePackageName(), "PrimaryKeyJoinColumns")
}
}
/**
* A `@javax.persistence.QueryHint` annotation.
* A `@{javax,jakarta}.persistence.QueryHint` annotation.
*/
class QueryHintAnnotation extends Annotation {
QueryHintAnnotation() { this.getType().hasQualifiedName("javax.persistence", "QueryHint") }
QueryHintAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "QueryHint")
}
}
/**
* A `@javax.persistence.SecondaryTable` annotation.
* A `@{javax,jakarta}.persistence.SecondaryTable` annotation.
*/
class SecondaryTableAnnotation extends Annotation {
SecondaryTableAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "SecondaryTable")
this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTable")
}
}
/**
* A `@javax.persistence.SecondaryTables` annotation.
* A `@{javax,jakarta}.persistence.SecondaryTables` annotation.
*/
class SecondaryTablesAnnotation extends Annotation {
SecondaryTablesAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "SecondaryTables")
this.getType().hasQualifiedName(getAPersistencePackageName(), "SecondaryTables")
}
}
/**
* A `@javax.persistence.SequenceGenerator` annotation.
* A `@{javax,jakarta}.persistence.SequenceGenerator` annotation.
*/
class SequenceGeneratorAnnotation extends Annotation {
SequenceGeneratorAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "SequenceGenerator")
this.getType().hasQualifiedName(getAPersistencePackageName(), "SequenceGenerator")
}
}
/**
* A `@javax.persistence.SqlResultSetMapping` annotation.
* A `@{javax,jakarta}.persistence.SqlResultSetMapping` annotation.
*/
class SqlResultSetMappingAnnotation extends Annotation {
SqlResultSetMappingAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMapping")
this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMapping")
}
}
/**
* A `@javax.persistence.SqlResultSetMappings` annotation.
* A `@{javax,jakarta}.persistence.SqlResultSetMappings` annotation.
*/
class SqlResultSetMappingsAnnotation extends Annotation {
SqlResultSetMappingsAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "SqlResultSetMappings")
this.getType().hasQualifiedName(getAPersistencePackageName(), "SqlResultSetMappings")
}
}
/**
* A `@javax.persistence.Table` annotation.
* A `@{javax,jakarta}.persistence.Table` annotation.
*/
class TableAnnotation extends Annotation {
TableAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Table") }
TableAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Table") }
}
/**
* A `@javax.persistence.TableGenerator` annotation.
* A `@{javax,jakarta}.persistence.TableGenerator` annotation.
*/
class TableGeneratorAnnotation extends Annotation {
TableGeneratorAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "TableGenerator")
this.getType().hasQualifiedName(getAPersistencePackageName(), "TableGenerator")
}
}
/**
* A `@javax.persistence.Temporal` annotation.
* A `@{javax,jakarta}.persistence.Temporal` annotation.
*/
class TemporalAnnotation extends Annotation {
TemporalAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Temporal") }
TemporalAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Temporal") }
}
/**
* A `@javax.persistence.Transient` annotation.
* A `@{javax,jakarta}.persistence.Transient` annotation.
*/
class TransientAnnotation extends Annotation {
TransientAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Transient") }
TransientAnnotation() {
this.getType().hasQualifiedName(getAPersistencePackageName(), "Transient")
}
}
/**
* A `@javax.persistence.UniqueConstraint` annotation.
* A `@{javax,jakarta}.persistence.UniqueConstraint` annotation.
*/
class UniqueConstraintAnnotation extends Annotation {
UniqueConstraintAnnotation() {
this.getType().hasQualifiedName("javax.persistence", "UniqueConstraint")
this.getType().hasQualifiedName(getAPersistencePackageName(), "UniqueConstraint")
}
}
/**
* A `@javax.persistence.Version` annotation.
* A `@{javax,jakarta}.persistence.Version` annotation.
*/
class VersionAnnotation extends Annotation {
VersionAnnotation() { this.getType().hasQualifiedName("javax.persistence", "Version") }
VersionAnnotation() { this.getType().hasQualifiedName(getAPersistencePackageName(), "Version") }
}
/** The interface `javax.persistence.EntityManager`. */
/** The interface `{javax,jakarta}.persistence.EntityManager`. */
class TypeEntityManager extends Interface {
TypeEntityManager() { this.hasQualifiedName("javax.persistence", "EntityManager") }
TypeEntityManager() { this.hasQualifiedName(getAPersistencePackageName(), "EntityManager") }
/** Gets a method named `createQuery` declared in the `EntityManager` interface. */
Method getACreateQueryMethod() {
@@ -675,9 +736,9 @@ class TypeEntityManager extends Interface {
}
}
/** The interface `javax.persistence.Query`, which represents queries in the Java Persistence Query Language. */
/** The interface `{javax,jakarta}.persistence.Query`, which represents queries in the Java Persistence Query Language. */
class TypeQuery extends Interface {
TypeQuery() { this.hasQualifiedName("javax.persistence", "Query") }
TypeQuery() { this.hasQualifiedName(getAPersistencePackageName(), "Query") }
/** Gets a method named `setParameter` declared in the `Query` interface. */
Method getASetParameterMethod() {


@@ -23,6 +23,7 @@ class SimpleTypeSanitizer extends DataFlow::Node {
this.getType()
.(RefType)
.getASourceSupertype*()
.hasQualifiedName("java.time.temporal", "TemporalAccessor")
.hasQualifiedName("java.time.temporal", "TemporalAccessor") or
this.getType() instanceof EnumType
}
}
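Review bot: The new `this.getType() instanceof EnumType` disjunct in `SimpleTypeSanitizer` carries no comment saying why an enum-typed node may be treated as sanitized, and the reasoning is not the same as for the `TemporalAccessor` case next to it. I would add `// An enum value is one of a fixed set of constants declared in code, so it cannot carry arbitrary attacker-controlled text.` above the disjunct. The class and its QLDoc start outside this hunk; the QLDoc should list enums too, since a wider sanitizer suppresses alerts in every query that uses it. If the commit does not already contain one, a test that converts a tainted string with `valueOf` and passes the result to a sink would pin the intended behaviour.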


@@ -1,3 +1,7 @@
## 1.4.1
No user-facing changes.
## 1.4.0
### New Queries


@@ -0,0 +1,29 @@
# Use of `String#replaceAll` with a first argument which is not a regular expression
Using `String#replaceAll` is less performant than `String#replace` when the first argument is not a regular expression.
## Overview
The `String#replaceAll` method is designed to work with regular expressions as its first parameter. When you use a simple string without any regex patterns (like special characters or syntax), it's more efficient to use `String#replace` instead. This is because `replaceAll` has to compile the input as a regular expression first, which adds unnecessary overhead when you are just replacing literal text.
## Recommendation
Use `String#replace` instead where a `replaceAll` call uses a trivial string as its first argument.
## Example
```java
public class Test {
void f() {
String s1 = "test";
s1 = s1.replaceAll("t", "x"); // NON_COMPLIANT
s1 = s1.replaceAll(".*", "x"); // COMPLIANT
}
}
```
## References
- Java SE Documentation: [String.replaceAll](https://docs.oracle.com/en/java/javase/20/docs/api/java.base/java/lang/String.html#replaceAll(java.lang.String,java.lang.String)).
- Common Weakness Enumeration: [CWE-1176](https://cwe.mitre.org/data/definitions/1176.html).


@@ -0,0 +1,24 @@
/**
* @id java/string-replace-all-with-non-regex
* @name Use of `String#replaceAll` with a first argument which is not a regular expression
* @description Using `String#replaceAll` with a first argument which is not a regular expression
* is less efficient than using `String#replace`.
* @kind problem
* @precision very-high
* @problem.severity recommendation
* @tags quality
* reliability
* performance
* external/cwe/cwe-1176
*/
import java
from StringReplaceAllCall replaceAllCall, StringLiteral firstArg
where
firstArg = replaceAllCall.getArgument(0) and
//only contains characters that could be a simple string
firstArg.getValue().regexpMatch("^[a-zA-Z0-9]+$")
select replaceAllCall,
"This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression.",
firstArg, "first argument"
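Review bot: The `where` clause checks only the first argument, but `replaceAll` also interprets `$` and `\` in its replacement string, so for a call such as `s.replaceAll("a", "\\$")` the suggested switch to `replace` changes the result. With `@precision very-high` I would exclude those cases, for example with `not replaceAllCall.getArgument(1).(StringLiteral).getValue().regexpMatch(".*[$\\\\].*")`, and add a matching COMPLIANT line to `Test.java`. That condition still reports a replacement that is not a literal, so the alert message or the help file should mention the difference. The `^` and `$` in the existing pattern are redundant because `regexpMatch` already matches the whole string.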


@@ -2,7 +2,7 @@
* @name Usage of supported APIs coming from external libraries
* @description A list of supported 3rd party APIs used in the codebase. Excludes test and generated code.
* @kind metric
* @tags summary telemetry
* @tags summary telemetry exclude-from-incremental
* @id java/telemetry/supported-external-api
*/


@@ -2,7 +2,7 @@
* @name Supported sinks in external libraries
* @description A list of 3rd party APIs detected as sinks. Excludes test and generated code.
* @kind metric
* @tags summary telemetry
* @tags summary telemetry exclude-from-incremental
* @id java/telemetry/supported-external-api-sinks
*/


@@ -2,7 +2,7 @@
* @name Usage of unsupported APIs coming from external libraries
* @description A list of 3rd party APIs used in the codebase. Excludes test and generated code.
* @kind metric
* @tags summary telemetry
* @tags summary telemetry exclude-from-incremental
* @id java/telemetry/unsupported-external-api
*/


@@ -0,0 +1,3 @@
## 1.4.1
No user-facing changes.


@@ -1,2 +1,2 @@
---
lastReleaseVersion: 1.4.0
lastReleaseVersion: 1.4.1


@@ -1,14 +1,15 @@
- queries: .
- include:
id:
- java/suspicious-date-format
- java/integer-multiplication-cast-to-long
- java/equals-on-unrelated-types
- java/contradictory-type-checks
- java/reference-equality-of-boxed-types
- java/equals-on-unrelated-types
- java/inconsistent-equals-and-hashcode
- java/input-resource-leak
- java/integer-multiplication-cast-to-long
- java/output-resource-leak
- java/reference-equality-of-boxed-types
- java/string-replace-all-with-non-regex
- java/suspicious-date-format
- java/type-variable-hides-type
- java/unchecked-cast-in-equals
- java/unused-container
- java/input-resource-leak
- java/output-resource-leak
- java/type-variable-hides-type


@@ -1,4 +1,164 @@
- description: Security-and-quality queries for Java
- queries: .
- apply: security-and-quality-selectors.yml
from: codeql/suite-helpers
- include:
kind:
- problem
- path-problem
precision:
- high
- very-high
tags contain:
- security
- include:
kind:
- problem
- path-problem
precision: medium
problem.severity:
- error
- warning
tags contain:
- security
- include:
id:
- java/abs-of-random
- java/abstract-to-concrete-cast
- java/call-to-object-tostring
- java/call-to-thread-run
- java/chained-type-tests
- java/class-name-matches-super-class
- java/comparison-of-identical-expressions
- java/comparison-with-nan
- java/confusing-method-name
- java/confusing-method-signature
- java/constant-comparison
- java/constant-loop-condition
- java/constants-only-interface
- java/continue-in-false-loop
- java/contradictory-type-checks
- java/database-resource-leak
- java/deprecated-call
- java/dereferenced-expr-may-be-null
- java/dereferenced-value-is-always-null
- java/dereferenced-value-may-be-null
- java/empty-container
- java/empty-zip-file-entry
- java/equals-on-arrays
- java/equals-on-unrelated-types
- java/equals-typo
- java/evaluation-to-constant
- java/field-masks-super-field
- java/hashcode-typo
- java/hashing-without-hashcode
- java/ignored-error-status-of-call
- java/implicit-cast-in-compound-assignment
- java/inconsistent-compareto-and-equals
- java/inconsistent-equals-and-hashcode
- java/inconsistent-javadoc-throws
- java/inconsistent-sync-writeobject
- java/incorrect-serial-version-uid
- java/index-out-of-bounds
- java/ineffective-annotation-present-check
- java/inefficient-boxed-constructor
- java/inefficient-empty-string-test
- java/inefficient-key-set-iterator
- java/inefficient-output-stream
- java/inefficient-string-constructor
- java/input-resource-leak
- java/integer-multiplication-cast-to-long
- java/internal-representation-exposure
- java/iterable-wraps-iterator
- java/iterator-hasnext-calls-next
- java/iterator-implements-iterable
- java/iterator-remove-failure
- java/jdk-internal-api-access
- java/local-shadows-field
- java/local-variable-is-never-read
- java/lshift-larger-than-type-width
- java/misleading-indentation
- java/missing-call-to-super-clone
- java/missing-case-in-switch
- java/missing-clone-method
- java/missing-format-argument
- java/missing-no-arg-constructor-on-externalizable
- java/missing-no-arg-constructor-on-serializable
- java/missing-override-annotation
- java/missing-space-in-concatenation
- java/missing-super-finalize
- java/multiplication-of-remainder
- java/non-final-call-in-constructor
- java/non-null-boxed-variable
- java/non-overriding-package-private
- java/non-serializable-inner-class
- java/non-short-circuit-evaluation
- java/non-static-nested-class
- java/non-sync-override
- java/notify-instead-of-notify-all
- java/output-resource-leak
- java/print-array
- java/random-used-once
- java/redundant-assignment
- java/reference-equality-of-boxed-types
- java/reference-equality-on-strings
- java/run-finalizers-on-exit
- java/sleep-with-lock-held
- java/spin-on-field
- java/string-buffer-char-init
- java/subtle-inherited-call
- java/suspicious-date-format
- java/sync-on-boxed-types
- java/test-for-negative-container-size
- java/thread-start-in-constructor
- java/thread-unsafe-dateformat
- java/tostring-typo
- java/type-bound-extends-final
- java/type-mismatch-access
- java/type-mismatch-modification
- java/type-variable-hides-type
- java/uncaught-number-format-exception
- java/unchecked-cast-in-equals
- java/underscore-identifier
- java/unimplementable-interface
- java/unknown-javadoc-parameter
- java/unreachable-catch-clause
- java/unreleased-lock
- java/unsafe-double-checked-locking
- java/unsafe-double-checked-locking-init-order
- java/unsafe-get-resource
- java/unsafe-sync-on-field
- java/unsynchronized-getter
- java/unused-container
- java/unused-format-argument
- java/unused-label
- java/unused-parameter
- java/unused-reference-type
- java/useless-null-check
- java/useless-tostring-call
- java/useless-type-test
- java/wait-on-condition-interface
- java/whitespace-contradicts-precedence
- java/wrong-compareto-signature
- java/wrong-equals-signature
- java/wrong-junit-suite-signature
- java/wrong-object-serialization-signature
- java/wrong-readresolve-signature
- java/wrong-swing-event-adapter-signature
- include:
kind:
- diagnostic
- include:
kind:
- metric
tags contain:
- summary
- exclude:
deprecated: //
- exclude:
query path:
- /^experimental\/.*/
- Metrics/Summaries/FrameworkCoverage.ql
- /Diagnostics/Internal/.*/
- exclude:
tags contain:
- modeleditor
- modelgenerator
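Review bot: The inlined `include: id:` list pins the non-security queries of this suite by id, and nothing in the file says why the shared `security-and-quality-selectors.yml` helper was replaced or how the list is kept current. As written, a query added later is left out unless someone edits this file. For instance, `java/string-replace-all-with-non-regex`, which this commit adds to the suite file changed just above, is absent from the list, and it is not clear from here whether that is intended. I would put a comment above the list, e.g. `# Non-security queries are listed explicitly; add new query ids here when they should run in security-and-quality.`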


@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 1.4.0
version: 1.4.1
groups:
- java
- queries


@@ -32,10 +32,16 @@ module ModelGeneratorInput implements ModelGeneratorInputSig<Location, JavaDataF
class Callable = J::Callable;
class NodeExtended extends DataFlow::Node {
Callable getAsExprEnclosingCallable() { result = this.asExpr().getEnclosingCallable() }
class NodeExtended = DataFlow::Node;
Callable getAsExprEnclosingCallable(NodeExtended node) {
result = node.asExpr().getEnclosingCallable()
}
Callable getEnclosingCallable(NodeExtended node) { result = node.getEnclosingCallable() }
Parameter asParameter(NodeExtended node) { result = node.asParameter() }
private predicate isInfrequentlyUsed(J::CompilationUnit cu) {
cu.getPackage().getName().matches("javax.swing%") or
cu.getPackage().getName().matches("java.awt%")


@@ -18,7 +18,6 @@
| A.java:21:11:21:13 | "B" : String | A.java:15:16:15:22 | get(...) : String |
| A.java:21:11:21:13 | "B" : String | A.java:21:7:21:13 | ...=... : String |
| A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | SSA phi(s) : String |
| A.java:21:11:21:13 | "B" : String | A.java:25:5:25:26 | phi(String s) : String |
| A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | String s : String |
| A.java:21:11:21:13 | "B" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] |
| A.java:21:11:21:13 | "B" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] |
@@ -35,7 +34,6 @@
| A.java:23:11:23:13 | "C" : String | A.java:15:16:15:22 | get(...) : String |
| A.java:23:11:23:13 | "C" : String | A.java:23:7:23:13 | ...=... : String |
| A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | SSA phi(s) : String |
| A.java:23:11:23:13 | "C" : String | A.java:25:5:25:26 | phi(String s) : String |
| A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | String s : String |
| A.java:23:11:23:13 | "C" : String | A.java:28:11:38:5 | new (...) : new A(...) { ... } [String s] |
| A.java:23:11:23:13 | "C" : String | A.java:30:14:30:16 | parameter this : new A(...) { ... } [String s] |


@@ -0,0 +1 @@
| Test.java:4:14:4:36 | replaceAll(...) | This call to 'replaceAll' should be a call to 'replace' as its $@ is not a regular expression. | Test.java:4:28:4:30 | "t" | first argument |


@@ -0,0 +1,2 @@
query: Performance/StringReplaceAllWithNonRegex.ql
postprocess: utils/test/InlineExpectationsTestQuery.ql


@@ -0,0 +1,7 @@
public class Test {
void f() {
String s1 = "test";
s1 = s1.replaceAll("t", "x"); // $ Alert // NON_COMPLIANT
s1 = s1.replaceAll(".*", "x"); // COMPLIANT
}
}


@@ -0,0 +1,13 @@
import jakarta.persistence.EntityManager;
public class JakartaPersistence {
public static String source() { return null; }
public static void test(EntityManager entityManager) {
entityManager.createNativeQuery(source()); // $ sqlInjection
}
}
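Review bot: This test exercises only `createNativeQuery`, although the commit switches every JPA class in the library to `getAPersistencePackageName()`, including `TypeEntityManager`, whose `getACreateQueryMethod()` is visible in the library hunk. A second call such as `entityManager.createQuery(source()); // $ sqlInjection`, with `createQuery` added to the stub, would show that the `jakarta` namespace reaches the other query-construction method as well. Whether that method is modelled as a sink is not visible here, so confirm it before adding the expectation.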


@@ -1 +1 @@
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive --release 21
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21


@@ -0,0 +1,7 @@
package jakarta.persistence;
public interface EntityManager extends AutoCloseable {
Query createNativeQuery(String sqlString);
}


@@ -0,0 +1,7 @@
package jakarta.persistence;
public interface Query {
int executeUpdate();
}