Compare commits

193 Commits

Author SHA1 Message Date
Calum Grant
ca5e0cf378 Flame graphs specify parent/child structure 2023-02-22 10:57:50 +00:00
Calum Grant
844fc617aa Fix 2023-02-22 10:07:43 +00:00
Calum Grant
2b91dfb908 Added a series column to the chart data 2023-02-22 10:01:41 +00:00
Calum Grant
dc2eada781 Fix formatting 2023-02-22 09:56:30 +00:00
Calum Grant
db5cc73754 Remove comment 2023-02-22 09:32:35 +00:00
Calum Grant
10d26d4f9d First draft graphs library 2023-02-22 09:28:14 +00:00
Mathias Vorreiter Pedersen
ad8d9c5b91 Merge pull request #12269 from github/tausbn/ql-add-json-extraction
QL: Add JSON (+C/L) extraction
2023-02-21 16:42:19 +00:00
Arthur Baars
aac65b0df0 Merge pull request #12268 from aibaars/update-erb
Ruby: update tree-sitter-embedded-template
2023-02-21 14:31:30 +01:00
Taus
b5ebd1a0fd QL: Add JSON (+C/L) extraction 2023-02-21 12:59:30 +00:00
Arthur Baars
814bef021d Ruby: update tree-sitter-embedded-template 2023-02-21 13:49:33 +01:00
Geoffrey White
c462e010d1 Merge pull request #12266 from geoffw0/taintplusequals
Swift: Taint through arithmetic
2023-02-21 09:32:53 +00:00
Geoffrey White
9b117fefd7 Swift: Generalize the arithmetic we allow taint through. 2023-02-20 18:18:15 +00:00
Geoffrey White
a5bb336647 Merge pull request #12265 from geoffw0/taintunaryplus
Swift: Add unary +
2023-02-20 18:04:37 +00:00
Geoffrey White
87c0b6195f Swift: Add taint tests for various arithmetic operators. 2023-02-20 17:22:51 +00:00
Geoffrey White
3038543242 Swift: Add UnaryPlusExpr. 2023-02-20 17:15:20 +00:00
Calum Grant
779c2365fe Merge pull request #12091 from github/cg/shared-code-metrics
Script to generate shared code metrics
2023-02-20 16:58:30 +00:00
Geoffrey White
e19e28fbb9 Merge pull request #12263 from geoffw0/flowsourceinline
Swift: Convert the flow sources test to inline expectations.
2023-02-20 16:13:01 +00:00
Erik Krogh Kristensen
6894803b14 Merge pull request #12257 from erik-krogh/compile-stuff
CI: Fix CI use of the compilation cache
2023-02-20 16:46:09 +01:00
Geoffrey White
31967cc032 Swift: Add a couple of dataflow test cases for operators that behave as an identity function. 2023-02-20 15:42:07 +00:00
erik-krogh
389b7ceff5 support the new shared compilation cache directory 2023-02-20 15:34:03 +01:00
erik-krogh
f6fdf45359 remember to actually output the compilation dir 2023-02-20 15:32:50 +01:00
Geoffrey White
690b5debf4 Swift: Remove the old test. 2023-02-20 13:58:53 +00:00
Geoffrey White
dd7f54677b Swift: Add inline expectation tags. 2023-02-20 13:57:24 +00:00
Joe Farebrother
1fb27354b9 Merge pull request #12242 from joefarebrother/testgen-improvements
Java: Test generator fixes
2023-02-20 13:53:18 +00:00
Alex Ford
774030a8db Merge pull request #12083 from pwntester/ruby_twirp_support
[Ruby] Add support for Twirp framework
2023-02-20 13:16:52 +00:00
yoff
52dd1f451c Merge pull request #12260 from yoff/python/fix-precision-usafe-unpack
python: Lower precision as discussed
2023-02-20 13:38:50 +01:00
Geoffrey White
b66ed57e17 Swift: Fix a mistake in FlowSources.qll. 2023-02-20 11:11:46 +00:00
Rasmus Lerchedahl Petersen
9e97877938 python: lower precision as discussed 2023-02-20 12:06:19 +01:00
Geoffrey White
d9f2d348f4 Swift: Add an inline expectations test for flow sources. 2023-02-20 11:03:10 +00:00
Tom Hvitved
658cc33bb8 Merge pull request #12212 from hvitved/util/inline-expect-test-use-end-line
Util: Use end line instead of start line for actual results
2023-02-20 11:41:02 +01:00
Geoffrey White
6cec8ece3f Swift: Split off FlowConfig.qll. 2023-02-20 10:27:40 +00:00
Harry Maclean
9aea725f3d Merge pull request #12053 from hmac/actioncontroller-renderer-2
Ruby: Model ApplicationController.renderer
2023-02-20 22:28:30 +13:00
Mathias Vorreiter Pedersen
49be5fd19a Merge pull request #12250 from geoffw0/filemanagersource
Swift: Taint sources for FileManager
2023-02-20 09:12:11 +00:00
Tom Hvitved
879eff41ea Merge branch 'main' into util/inline-expect-test-use-end-line 2023-02-20 10:03:38 +01:00
Rasmus Wriedt Larsen
efc75e02cc Merge pull request #12168 from RasmusWL/crypto-stdlib-modeling
Python: Add modeling of `hmac`
2023-02-20 09:26:53 +01:00
Harry Maclean
4e07fd3eb1 Ruby: Model ApplicationController.renderer 2023-02-19 13:37:27 +13:00
Taus
89aec093c8 Merge pull request #12233 from github/tausbn/add-blame-extractor 2023-02-18 15:06:25 +01:00
erik-krogh
cd823d7495 add git info to the checkout 2023-02-18 13:43:24 +01:00
erik-krogh
52a9d5379b add buramu to the files cached for the extractor 2023-02-18 13:22:41 +01:00
erik-krogh
db9a0d1c52 make the deprecation query calculate based on months, and adjust the cutoff to 14 months 2023-02-18 12:39:16 +01:00
erik-krogh
6f8ae703ca add the deprecation file when running QL-for-QL 2023-02-18 12:31:14 +01:00
erik-krogh
1a308316c6 fix join-order of ql/outdated-deprecation 2023-02-18 12:28:06 +01:00
erik-krogh
fcff18aa3c add query header for OutdatedDeprecations 2023-02-18 12:22:34 +01:00
erik-krogh
4f97c0470b exclude java integration tests from QL-for-QL 2023-02-18 12:21:35 +01:00
Chris Smowton
655aa700bc Merge pull request #12247 from smowton/smowton/fix/integer-conversion-sign
Go integer conversion: check against sink, not source signedness
2023-02-18 08:55:52 +00:00
Jami
f72cb5f650 Merge pull request #12215 from jcogs33/jcogs33/move-awt-swing-from-isJdkInternal
Java: move java.awt and javax.swing from `isJdkInternal` to `isInfrequentlyUsed`
2023-02-17 15:48:39 -05:00
Geoffrey White
7a9bbb1414 Swift: Model FileManager sources. 2023-02-17 20:04:27 +00:00
Chris Smowton
c7da1c9e0d Use example that compiles on 32-bit arch 2023-02-17 19:35:04 +00:00
Chris Smowton
be468fe122 Change note 2023-02-17 19:21:15 +00:00
Chris Smowton
4e86edf4fe Add test case 2023-02-17 19:16:36 +00:00
Chris Smowton
4d1608aafa Go integer conversion: check against sink, not source signedness 2023-02-17 18:53:18 +00:00
Geoffrey White
5d125572ec Swift: Test for FileManager taint sources. 2023-02-17 18:14:16 +00:00
Nick Rolfe
cef6765890 Merge pull request #12221 from github/post-release-prep/codeql-cli-2.12.3
Post-release preparation for codeql-cli-2.12.3
2023-02-17 17:59:45 +00:00
Calum Grant
c72a5d5dc0 Merge pull request #12245 from github/calumgrant/codeowners-dynamic
Update CODEOWNERS for dynamic teams
2023-02-17 17:25:08 +00:00
Chris Smowton
7205f30803 Merge pull request #12223 from github/smowton/admin/announce-jdk-20-2
Java: Announce JDK20 support
2023-02-17 16:10:24 +00:00
Calum Grant
e400a1ad77 Update CODEOWNERS
As agreed in the retro, we'll make all dynamic team members responsible for PRs
2023-02-17 15:48:24 +00:00
Joe Farebrother
a9f1436930 Test generator fixes
- Revert previous change to constructor return values; as constructors are supposed to be modeled using Argument[-1] rather than ReturnValue
- Fix generation of ambiguous calls when one of the conflicting methods is overridden
2023-02-17 15:30:06 +00:00
Nick Rolfe
5929c99eb1 Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 15:02:17 +00:00
Arthur Baars
71c8bb20f9 Merge pull request #12238 from aibaars/query-format-q
CI: make 'codeql query format' less verbose
2023-02-17 15:58:19 +01:00
Nick Rolfe
3e5534f0ba Merge branch 'main' into post-release-prep/codeql-cli-2.12.3 2023-02-17 14:39:26 +00:00
Taus
9f4f7a76c9 QL: Add query for outdated deprecations 2023-02-17 14:27:15 +00:00
Calum Grant
2cfd6c5597 Update misc/scripts/shared-code-metrics.py
Co-authored-by: Anders Peter Fugmann <anders@fugmann.net>
2023-02-17 14:26:58 +00:00
Calum Grant
35a53fa990 Merge pull request #12183 from RasmusWL/example-update
Python: Update a few examples so queries work on them
2023-02-17 14:21:38 +00:00
Arthur Baars
94467e638e CI: make 'codeql query compile' less verbose 2023-02-17 15:20:31 +01:00
Tom Hvitved
59efcd593a Python: Update test expectations 2023-02-17 15:20:21 +01:00
Tom Hvitved
0bceefc930 Java: Update test expectations 2023-02-17 15:20:21 +01:00
Arthur Baars
87cb3fd59f Update .github/workflows/compile-queries.yml
Co-authored-by: Erik Krogh Kristensen <erik-krogh@github.com>
2023-02-17 14:58:19 +01:00
Arthur Baars
c167919ff6 CI: make 'codeql query format' less verbose 2023-02-17 14:53:40 +01:00
Taus
db748fae6b QL: Integrate blame parser into extractor 2023-02-17 13:22:18 +00:00
Taus
59c1cfb43a QL: Add grammar for parsing blame files 2023-02-17 13:21:44 +00:00
Taus
0e0ec89e60 QL: Add tool for extracting blame info
I had some trouble getting this to work with version 1.54 of the Rust
toolchain, so I had to bump it up to 1.59.
2023-02-17 13:20:06 +00:00
Chris Smowton
d3e73891b5 Merge pull request #12229 from smowton/smowton/fix/gradle-wrapper-for-java-tests
Java: Add Gradle wrappers for Kotlin tests
2023-02-17 12:37:25 +00:00
Tom Hvitved
37fc8f5039 Swift: Update test expectations 2023-02-17 13:24:28 +01:00
Tom Hvitved
18c6b68232 Go: Update test expectations 2023-02-17 13:22:29 +01:00
Tom Hvitved
e9bce9f8cd Ruby: Update test expectations 2023-02-17 13:22:28 +01:00
Tom Hvitved
85e4707e0c Util: Use end line instead of start line for actual results 2023-02-17 13:22:28 +01:00
Geoffrey White
4356d359a6 Merge pull request #12226 from geoffw0/stringfix
Swift: Fix minor mistakes in the String models.
2023-02-17 10:23:56 +00:00
Chris Smowton
d1cd4cd099 Add Gradle wrappers for Kotlin tests
This avoids tests' behaviour changing due to environmental Gradle version changes
2023-02-17 10:10:22 +00:00
Rasmus Wriedt Larsen
39e7bba563 Merge pull request #12203 from RasmusWL/import-resolution-phi
Python: Handle if-then-else definitions in import resolution
2023-02-17 10:10:42 +01:00
yoff
2f8dddabb6 Merge pull request #11570 from Sim4n6/UnsafeUnpack
Python: Unsafe unpacking using `shutil.unpack_archive()` query and tests
2023-02-17 09:48:05 +01:00
Michael Nebel
2f6ffdd88f Merge pull request #12207 from michaelnebel/csharp/requiredmembers
C# 11: Required fields and properties.
2023-02-17 09:29:46 +01:00
Chris Smowton
6fc5bdd871 Announce JDK20 support 2023-02-17 08:15:33 +00:00
Michael Nebel
b87de911ba C#: Add change note. 2023-02-17 08:40:39 +01:00
Michael Nebel
3971dedcf6 C#: Add testcase for required members. 2023-02-17 08:40:39 +01:00
Michael Nebel
c0b8e852c5 C#: Add library support for required members. 2023-02-17 08:40:39 +01:00
Michael Nebel
2d46dd2936 C#: Add extractor support for the required modifier for fields and properties. 2023-02-17 08:40:39 +01:00
Michael Nebel
ff9e738d38 Merge pull request #12167 from michaelnebel/csharp/deprecategetassemblyname
C#: Checked operator support.
2023-02-17 08:39:32 +01:00
Geoffrey White
a894fc6ce8 Swift: Fix mistakes in String.qll models. 2023-02-16 18:24:36 +00:00
Geoffrey White
f64cb2983a Swift: Add tests for a few models we didn't cover. 2023-02-16 18:15:17 +00:00
github-actions[bot]
8eb8daa4d4 Post-release preparation for codeql-cli-2.12.3 2023-02-16 17:23:25 +00:00
Paolo Tranquilli
300db4f236 Merge pull request #12214 from github/redsun82/swift-codegen
Swift: fix weird module naming in codegen
2023-02-16 17:24:03 +01:00
Geoffrey White
cb11524dde Merge pull request #12154 from geoffw0/pathinjectionext
Swift: More path injection sinks
2023-02-16 16:00:31 +00:00
Erik Krogh Kristensen
2b529fbf53 Merge pull request #12213 from github/erik-krogh/patch-test
CI: inline the move-caches script into the action
2023-02-16 16:00:13 +01:00
Michael B. Gale
35b60167e1 Merge pull request #12153 from github/mbg/fix/msbuild-on-macos-arm
C#: Improve C# autobuilder compatibility with Arm-based Macs
2023-02-16 14:12:43 +00:00
Jami Cogswell
94fd412809 Java: move awt and swing to isInfrequentlyUsed predicate 2023-02-16 09:02:41 -05:00
erik-krogh
767da59397 remove the paths requirement from running QL-for-QL 2023-02-16 14:57:00 +01:00
Paolo Tranquilli
f50382ba70 Swift: fix weird module naming in codegen 2023-02-16 14:53:31 +01:00
erik-krogh
45d00ae9dd inline the move-caches script into the action 2023-02-16 14:52:46 +01:00
Paolo Tranquilli
7cfe15c304 Merge pull request #12205 from github/redsun82/swift-codegen
Swift: fix subtle `codegen` bug on missing files
2023-02-16 13:45:35 +01:00
Rasmus Wriedt Larsen
9ed021ad66 Python: Accept change to WeakFilePermissions.expected
💪
2023-02-16 13:27:16 +01:00
Joe Farebrother
430b432add Merge pull request #12195 from joefarebrother/testgen-improvements
Java: Test generator improvements
2023-02-16 11:20:55 +00:00
Michael B. Gale
eab3c6dd5e Fix missing implementations for C++ tests 2023-02-16 11:07:38 +00:00
Michael B. Gale
e28be5d98f Make msbuild work on Arm-based Macs 2023-02-16 11:07:38 +00:00
Michael B. Gale
75c75ea49c Correctly select dotnet platform on arm-based macs 2023-02-16 11:07:37 +00:00
Paolo Tranquilli
3ec2a3c711 Swift: fix subtle codegen bug on missing files
While the internal registry was being cleaned up from files removed by
codegen itself, it was not dropping files removed outside of codegen.

Because of this files removed by the user were not being regenerated
again if no change was staged to them, unless `--force` was provided.

This also fixes some such "ghost" entries in the registry and some
missing generated files.
2023-02-16 11:46:51 +01:00
Paolo Tranquilli
3b1b3b46ae Merge pull request #12202 from github/redsun82/swift-codegen
> Out of curiosity: What is the end goal that we're trying to get to with this?

Up until now we would be writing that predicate by hand, see [this example](29c8260004/swift/ql/lib/codeql/swift/elements/expr/MethodLookupExpr.qll (L29-L30)). Now this will be given to us from the get go.

For me this was prompted to give a nicer live demo later at my presentation 🙂
2023-02-16 11:35:05 +01:00
Michael B. Gale
29c8260004 Merge pull request #12196 from github/mbg/csharp/add-msbuild-integration-tests 2023-02-16 10:29:28 +00:00
Rasmus Wriedt Larsen
766e6c400e Python: Handle if-then-else definitions in import resolution 2023-02-16 11:18:30 +01:00
Rasmus Wriedt Larsen
80f5342a6d Python: Add import regression for if-then-else definitions 2023-02-16 11:12:08 +01:00
Tony Torralba
87b54e674e Merge pull request #12178 from felickz/main
Java - Adding support for com.microsoft.sqlserver.jdbc.SQLServerDataSource  to CWE-798
2023-02-16 11:03:34 +01:00
Michael B. Gale
9db1366e4b Change target framework to 4.0 for mono 2023-02-16 09:55:58 +00:00
Michael B. Gale
f1adb4319a Add C# integration test which uses MSBuild 2023-02-16 09:55:57 +00:00
Paolo Tranquilli
e2d7a6910c Swift: generate raw helpers in synthesized stubs
This will add helpers to get the underlying raw entities or constructor
arguments on stubs for synthesized classes.

For example a schema like:

```
@synth.from_class(A)
class B:
    pass

@synth.on_arguments(base=A, index=int)
class C:
    pass
```

will generate

```
cached
private Raw::A getUnderlyingEntity() { this = Synth::TB(result) }
```
in the `B.qll` stub and
```
cached
private Raw::A getUnderlyingBase() { this = Synth::TC(result, _) }

cached
private int getUnderlyingIndex() { this = Synth::TC(_, result) }
```
in the `C.qll` stub.

As stubs these can be freely changed later on.
2023-02-16 10:49:21 +01:00
Chad Bentz
f3124d3239 Merge branch 'main' into main 2023-02-15 18:46:15 -05:00
Chad Bentz
2f1bd93a49 change-notes for this minorAnalysis lib change 2023-02-15 18:40:40 -05:00
Chad Bentz
2f576a4fe9 test both arguments of getConnection
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2023-02-15 18:26:56 -05:00
Joe Farebrother
d9e5c6c48a Fix typo 2023-02-15 17:21:03 +00:00
Alex Ford
74782bf6a2 Merge branch 'main' into ruby_twirp_support 2023-02-15 17:15:08 +00:00
Alex Ford
801ed1ce7c Ruby: add Twirp.expected 2023-02-15 17:05:33 +00:00
Joe Farebrother
95a131d0d3 Update help text 2023-02-15 16:18:47 +00:00
Joe Farebrother
8ee36a5278 Test generator improvements
- Accept yml files as input
- Output the correct type for constructors
2023-02-15 16:11:22 +00:00
Alvaro Muñoz
4644a88b89 address code review comments 2023-02-14 14:27:17 +01:00
Michael Nebel
469b289db9 C#: Add change note. 2023-02-14 13:14:45 +01:00
Michael Nebel
b3c234d020 C#: Add testcases for checked operators. 2023-02-14 12:59:36 +01:00
Michael Nebel
238a70fc55 C#: Add library support for checked operators. 2023-02-14 12:58:15 +01:00
Michael Nebel
b7123aaa89 C#: Add viable callable testcases for regular and checked operators. 2023-02-14 12:57:59 +01:00
Rasmus Wriedt Larsen
dc5bb4fb77 Python: Update a few examples so queries work on them
Fixes problem highlighted in https://github.com/github/codeql/issues/12156
2023-02-14 11:54:18 +01:00
Chad Bentz
b0c8992eef Adding CWE-798 MSSQL Tests 2023-02-13 19:44:02 -05:00
Chad Bentz
cfe169a4f9 Adding MSSQL to SensitiveAPI 2023-02-13 19:42:28 -05:00
Rasmus Wriedt Larsen
1c7fe97427 Python: Add modeling of hmac 2023-02-13 15:39:43 +01:00
Rasmus Wriedt Larsen
df22181963 Python: Add tests of hmac 2023-02-13 15:38:14 +01:00
Michael Nebel
b3602a5b7f C#: Use functionname as stored in the database. 2023-02-13 13:53:46 +01:00
Sim4n6
d7af80136e Fail tests when missing annotation on sink orfail 2023-02-12 21:27:20 +01:00
Sim4n6
518684b736 Put back the annotation result=BAD 2023-02-12 21:26:12 +01:00
Sim4n6
80d4fb5e33 Organisation TarSlip/UnsafeUnpack into two folders 2023-02-12 10:51:53 +01:00
Sim4n6
eed19a3e15 Fix autoformatting issues 2023-02-10 21:58:29 +01:00
Geoffrey White
ad85b37585 Swift: Tidy up indenting. 2023-02-10 18:06:56 +00:00
Geoffrey White
d0efbbf5b8 Swift: More path injection models. 2023-02-10 18:02:50 +00:00
Geoffrey White
82f09b8511 Swift: More path injection test cases. 2023-02-10 17:55:06 +00:00
Sim4n6
09df055d86 Fix the exists cast warning 2023-02-09 15:25:54 +01:00
Sim4n6
b04d5684fb add a blank line at the end of the file 2023-02-09 15:23:58 +01:00
Sim4n6
16ef50401b Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
Co-authored-by: yoff <lerchedahl@gmail.com>
2023-02-09 14:59:28 +01:00
Sim4n6
4196230a8a use if-then-else rather than nested exists 2023-02-08 21:46:50 +01:00
Sim4n6
9e285020a1 Comment modif + remove redundant cast 2023-02-08 21:14:53 +01:00
Alvaro Muñoz
642a138eaa Update Twirp.qll 2023-02-07 10:44:48 +01:00
Sim4n6
ec82d61991 Add another frequently used step 2023-02-05 14:36:17 +01:00
Calum Grant
7d8b624a71 Basic script to generate shared code metrics 2023-02-03 16:24:39 +00:00
Alvaro Muñoz
3a9d650cb9 add qldocs for member predicates 2023-02-03 10:09:16 +01:00
Alvaro Muñoz
dd31be43e0 Support for Twirp framework 2023-02-03 09:35:22 +01:00
Sim4n6
a0150849cb Updated the expected test file 2023-02-02 21:42:47 +01:00
Sim4n6
1a8c9abee2 Incorporate Sink & Source as steps from TarSlipQry 2023-02-02 21:09:40 +01:00
Sim4n6
7079def7ce Add an S3 source with Session or download_fileobj 2023-01-30 00:49:23 +01:00
Sim4n6
0707064ab5 Constrain the save/path step 2023-01-28 10:14:24 +01:00
Sim4n6
a4aaf0ec6f Remove a write step & update the builtin open step 2023-01-28 09:53:54 +01:00
Sim4n6
0e2f37825d Organize steps to correspond to the sample code 2023-01-27 23:58:03 +01:00
Sim4n6
ee213123ac Add builtin open as an additional step 2023-01-27 18:16:11 +01:00
Sim4n6
0b27b1314a Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
Co-authored-by: yoff <lerchedahl@gmail.com>
2023-01-27 16:12:08 +01:00
Sim4n6
7a126a2317 Merge branch 'github:main' into UnsafeUnpack 2023-01-27 16:09:41 +01:00
Sim4n6
8ef2aa00e7 Update python/ql/src/experimental/Security/UnsafeUnpackQuery.qll
Co-authored-by: yoff <lerchedahl@gmail.com>
2023-01-27 16:07:39 +01:00
Sim4n6
207ed3da9c Constrain the object & the call 2023-01-27 15:07:20 +01:00
Sim4n6
18d8bbc9a4 Updated the expected results accordingly 2023-01-27 14:05:25 +01:00
Sim4n6
e41042418a Update the import relative to the dataflow config 2023-01-27 13:46:57 +01:00
Sim4n6
5f0bf1053a Update the dataflow test query and the expected results 2023-01-27 13:42:57 +01:00
Sim4n6
bca053f855 Move the config query to the parent directory 2023-01-27 13:42:14 +01:00
Sim4n6
998f1bf215 Some reformatting 2023-01-26 18:54:36 +01:00
Sim4n6
1a211485a4 Restrain the source and add two steps. 2023-01-26 17:07:59 +01:00
Sim4n6
51b11de44a Add a Django Upload examples 2023-01-26 15:16:24 +01:00
Sim4n6
54cc4d6498 Opt for any source from RemoteFlowSource. 2023-01-26 12:51:55 +01:00
Sim4n6
aaa0040612 Separate the dataflow config from the query 2023-01-26 08:53:47 +01:00
Sim4n6
9464940214 Add expected results for argparse source 2023-01-26 01:00:19 +01:00
Sim4n6
2e4cb63049 Optimize the Argparse filename as a source. 2023-01-26 01:00:01 +01:00
Sim4n6
f867c9008f Commit the expected results 2023-01-26 00:08:54 +01:00
Sim4n6
9b5b0c60b8 Handle the download of a tarball using wget pkg. 2023-01-26 00:02:20 +01:00
Sim4n6
22af6f5182 Restrict download_file() to boto3 lib 2023-01-25 23:00:00 +01:00
Sim4n6
2d38993075 Add a missing "and" 2023-01-25 19:46:13 +01:00
Sim4n6
0ed480855a Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
Yes, definitely

Co-authored-by: yoff <lerchedahl@gmail.com>
2023-01-25 19:44:28 +01:00
Sim4n6
10d6ebf95b Use of inline tests for dataflow queries 2023-01-25 19:28:05 +01:00
Sim4n6
b5a6f6e165 Merge pull request #1 from github/main
Sync with the upstream
2023-01-25 19:13:35 +01:00
Sim4n6
4376870a51 An uploaded file is considered a source 2022-12-15 23:39:02 +01:00
ALJI Mohamed
54109b8ea7 Add source wget.download 2022-12-13 15:34:01 +01:00
ALJI Mohamed
2f68b54b27 A simple download_file() call from maybe boto3 2022-12-12 19:46:34 +01:00
ALJI Mohamed
b19452467d read by chunks as additional step 2022-12-10 21:59:14 +01:00
ALJI Mohamed
eff132512c Copying the response data to the archive 2022-12-10 08:15:42 +01:00
ALJI Mohamed
545aab0e07 tarball path provided using CLI argument (source) 2022-12-09 15:54:43 +01:00
ALJI Mohamed
9336f4f1a2 Considering the use of contextlib.closing() method 2022-12-08 12:26:59 +01:00
ALJI Mohamed
2801b8495a A fix of the tag name 2022-12-06 14:50:47 +01:00
ALJI Mohamed
4896e62117 Use of more generic terms 2022-12-06 14:44:52 +01:00
Sim4n6
58570b4d2c Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.ql
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-12-06 14:40:48 +01:00
Sim4n6
9a60202de6 Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-12-06 14:40:35 +01:00
Sim4n6
c22c0b5029 Update python/ql/src/experimental/Security/CWE-022bis/UnsafeUnpack.qhelp
Co-authored-by: intrigus-lgtm <60750685+intrigus-lgtm@users.noreply.github.com>
2022-12-06 14:39:16 +01:00
ALJI Mohamed
a5849eb9b0 Improved the additional taint step using InstanceSource 2022-12-06 14:00:08 +01:00
ALJI Mohamed
054c06be65 Update UnsafeUnpack.ql 2022-12-06 02:51:07 +01:00
ALJI Mohamed
68fd75ca34 UnpackUnsafe query and tests 2022-12-05 17:20:22 +01:00
248 changed files with 29561 additions and 2665 deletions

View File

@@ -9,7 +9,7 @@ inputs:
outputs:
cache-dir:
description: "The directory where the cache was stored"
value: ${{ steps.fill-compilation-dir.outputs.compdir }}
value: ${{ steps.output-compilation-dir.outputs.compdir }}
runs:
using: composite
@@ -27,7 +27,9 @@ runs:
if: ${{ github.event_name == 'pull_request' }}
uses: actions/cache/restore@v3
with:
path: '**/.cache'
path: |
**/.cache
~/.codeql/compile-cache
key: codeql-compile-${{ inputs.key }}-pr-${{ github.sha }}
restore-keys: |
codeql-compile-${{ inputs.key }}-${{ github.base_ref }}-${{ env.merge_base }}
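Review bot: The multi-line `path:` list added under `actions/cache/restore@v3` is repeated verbatim in the `actions/cache@v3` step that follows, and the two lists have to stay identical for a cache saved on main to be found by the restore on a pull request, because the path list is part of the cache version. Add a short comment at each list pointing at the other, so that a later edit to one (such as adding another directory next to `~/.codeql/compile-cache`) is not made without the matching edit.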
@@ -37,18 +39,111 @@ runs:
if: ${{ github.event_name != 'pull_request' }}
uses: actions/cache@v3
with:
path: '**/.cache'
path: |
**/.cache
~/.codeql/compile-cache
key: codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-${{ github.sha }} # just fill on main
restore-keys: | # restore the latest cache if the exact cache is unavailable, to speed up compilation.
codeql-compile-${{ inputs.key }}-${{ github.ref_name }}-
codeql-compile-${{ inputs.key }}-main-
- name: Fill compilation cache directory
id: fill-compilation-dir
- name: Output-compilationdir
id: output-compilation-dir
shell: bash
run: |
# Move all the existing cache into another folder, so we only preserve the cache for the current queries.
node $GITHUB_WORKSPACE/.github/actions/cache-query-compilation/move-caches.js ${COMBINED_CACHE_DIR}
echo "compdir=${COMBINED_CACHE_DIR}" >> $GITHUB_OUTPUT
env:
COMBINED_CACHE_DIR: ${{ runner.temp }}/compilation-dir
- name: Fill compilation cache directory
id: fill-compilation-dir
uses: actions/github-script@v6
env:
COMBINED_CACHE_DIR: ${{ runner.temp }}/compilation-dir
with:
script: |
// # Move all the existing cache into another folder, so we only preserve the cache for the current queries.
// mkdir -p ${COMBINED_CACHE_DIR}
// rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
// # copy the contents of the .cache folders into the combined cache folder.
// cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
// # clean up the .cache folders
// rm -rf **/.cache/*
const fs = require("fs");
const path = require("path");
const os = require("os");
// the first argv is the cache folder to create.
const COMBINED_CACHE_DIR = process.env.COMBINED_CACHE_DIR;
function* walkCaches(dir) {
const files = fs.readdirSync(dir, { withFileTypes: true });
for (const file of files) {
if (file.isDirectory()) {
const filePath = path.join(dir, file.name);
yield* walkCaches(filePath);
if (file.name === ".cache") {
yield filePath;
}
}
}
}
async function copyDir(src, dest) {
for await (const file of await fs.promises.readdir(src, { withFileTypes: true })) {
const srcPath = path.join(src, file.name);
const destPath = path.join(dest, file.name);
if (file.isDirectory()) {
if (!fs.existsSync(destPath)) {
fs.mkdirSync(destPath);
}
await copyDir(srcPath, destPath);
} else {
await fs.promises.copyFile(srcPath, destPath);
}
}
}
async function main() {
const cacheDirs = [...walkCaches(".")];
for (const dir of cacheDirs) {
console.log(`Found .cache dir at ${dir}`);
}
const globalCacheDir = path.join(os.homedir(), ".codeql", "compile-cache");
if (fs.existsSync(globalCacheDir)) {
console.log("Found global home dir: " + globalCacheDir);
cacheDirs.push(globalCacheDir);
}
if (cacheDirs.length === 0) {
console.log("No cache dirs found");
return;
}
// mkdir -p ${COMBINED_CACHE_DIR}
fs.mkdirSync(COMBINED_CACHE_DIR, { recursive: true });
// rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
await Promise.all(
cacheDirs.map((cacheDir) =>
(async function () {
await fs.promises.rm(path.join(cacheDir, "lock"), { force: true });
await fs.promises.rm(path.join(cacheDir, "size"), { force: true });
})()
)
);
// # copy the contents of the .cache folders into the combined cache folder.
// cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
await Promise.all(
cacheDirs.map((cacheDir) => copyDir(cacheDir, COMBINED_CACHE_DIR))
);
// # clean up the .cache folders
// rm -rf **/.cache/*
await Promise.all(
cacheDirs.map((cacheDir) => fs.promises.rm(cacheDir, { recursive: true }))
);
}
main();
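Review bot: `main();` on the last line of the inline script is neither awaited nor given a `.catch`, so a failing `copyFile` or `rm` surfaces as an unhandled rejection rather than as an error the step reports. actions/github-script runs the script body as an async function, so ending with `await main();` is enough. The comment `// the first argv is the cache folder to create.` is also stale now that `COMBINED_CACHE_DIR` is read from `process.env`, and the final `fs.promises.rm(cacheDir, { recursive: true })` removes each cache directory itself, including `~/.codeql/compile-cache`, whereas the shell comment above it describes `rm -rf **/.cache/*` (contents only); update the comment or the call so they agree.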

View File

@@ -1,75 +0,0 @@
// # Move all the existing cache into another folder, so we only preserve the cache for the current queries.
// mkdir -p ${COMBINED_CACHE_DIR}
// rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
// # copy the contents of the .cache folders into the combined cache folder.
// cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
// # clean up the .cache folders
// rm -rf **/.cache/*
const fs = require("fs");
const path = require("path");
// the first argv is the cache folder to create.
const COMBINED_CACHE_DIR = process.argv[2];
function* walkCaches(dir) {
const files = fs.readdirSync(dir, { withFileTypes: true });
for (const file of files) {
if (file.isDirectory()) {
const filePath = path.join(dir, file.name);
yield* walkCaches(filePath);
if (file.name === ".cache") {
yield filePath;
}
}
}
}
async function copyDir(src, dest) {
for await (const file of await fs.promises.readdir(src, { withFileTypes: true })) {
const srcPath = path.join(src, file.name);
const destPath = path.join(dest, file.name);
if (file.isDirectory()) {
if (!fs.existsSync(destPath)) {
fs.mkdirSync(destPath);
}
await copyDir(srcPath, destPath);
} else {
await fs.promises.copyFile(srcPath, destPath);
}
}
}
async function main() {
const cacheDirs = [...walkCaches(".")];
for (const dir of cacheDirs) {
console.log(`Found .cache dir at ${dir}`);
}
// mkdir -p ${COMBINED_CACHE_DIR}
fs.mkdirSync(COMBINED_CACHE_DIR, { recursive: true });
// rm -f **/.cache/{lock,size} # -f to avoid errors if the cache is empty.
await Promise.all(
cacheDirs.map((cacheDir) =>
(async function () {
await fs.promises.rm(path.join(cacheDir, "lock"), { force: true });
await fs.promises.rm(path.join(cacheDir, "size"), { force: true });
})()
)
);
// # copy the contents of the .cache folders into the combined cache folder.
// cp -r **/.cache/* ${COMBINED_CACHE_DIR}/ || : # ignore missing files
await Promise.all(
cacheDirs.map((cacheDir) => copyDir(cacheDir, COMBINED_CACHE_DIR))
);
// # clean up the .cache folders
// rm -rf **/.cache/*
await Promise.all(
cacheDirs.map((cacheDir) => fs.promises.rm(cacheDir, { recursive: true }))
);
}
main();

View File

@@ -24,14 +24,14 @@ jobs:
with:
key: all-queries
- name: check formatting
run: find */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 codeql query format --check-only
run: find */ql -type f \( -name "*.qll" -o -name "*.ql" \) -print0 | xargs -0 -n 3000 -P 10 codeql query format -q --check-only
- name: compile queries - check-only
# run with --check-only if running in a PR (github.sha != main)
if : ${{ github.event_name == 'pull_request' }}
shell: bash
run: codeql query compile -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --check-only --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
- name: compile queries - full
# do full compile if running on main - this populates the cache
if : ${{ github.event_name != 'pull_request' }}
shell: bash
run: codeql query compile -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
run: codeql query compile -q -j0 */ql/{src,examples} --keep-going --warnings=error --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
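Review bot: The `-n 3000 -P 10` added to the `xargs` call in the `check formatting` step are unexplained magic numbers. Add a comment saying why the file list is split into batches of 3000 across 10 parallel processes, or derive the parallelism from the runner the way the compile steps do with `-j0`. The step also has no `shell: bash` line while both compile steps do; making the three consistent would avoid the format check running under different shell options.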

View File

@@ -5,13 +5,6 @@ on:
branches: [main]
pull_request:
branches: [main]
paths:
- "ql/**"
- "**.qll"
- "**.ql"
- "**.dbscheme"
- "**/qlpack.yml"
- ".github/workflows/ql-for-ql-build.yml"
env:
CARGO_TERM_COLOR: always
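Review bot: Dropping the whole `paths:` list under `pull_request` means this workflow now runs on every pull request against main, not only on ones that touch `.ql`, `.qll`, `.dbscheme` or `qlpack.yml` files, and nothing in the file says why. Add a comment above `pull_request:` giving the reason, so the filter is not re-added later as an apparent CI-cost optimisation.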
@@ -22,6 +15,8 @@ jobs:
steps:
### Build the queries ###
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Find codeql
id: find-codeql
uses: github/codeql-action/init@v2
@@ -34,7 +29,9 @@ jobs:
id: cache-extractor
uses: actions/cache@v3
with:
path: ql/extractor-pack/
path: |
ql/extractor-pack/
ql/target/release/buramu
key: ${{ runner.os }}-${{ steps.os_version.outputs.version }}-extractor-${{ hashFiles('ql/**/Cargo.lock') }}-${{ hashFiles('ql/**/*.rs') }}
- name: Cache cargo
if: steps.cache-extractor.outputs.cache-hit != 'true'
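Review bot: The cache `path` now includes the `ql/target/release/buramu` binary, but the `key` still hashes only `ql/**/Cargo.lock` and `ql/**/*.rs`, so anything else that affects the build can change without invalidating a binary that a later step executes directly. If the repository pins a Rust toolchain version in a file, add that file to the `hashFiles(...)` inputs, and confirm that the sources for `buramu` live under `ql/` so that they are covered by the existing `ql/**/*.rs` pattern.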
@@ -57,6 +54,7 @@ jobs:
key: run-ql-for-ql
- name: Make database and analyze
run: |
./ql/target/release/buramu | tee deprecated.blame # Add a blame file for the extractor to parse.
${CODEQL} database create -l=ql --search-path ql/extractor-pack ${DB}
${CODEQL} database analyze -j0 --format=sarif-latest --output=ql-for-ql.sarif ${DB} ql/ql/src/codeql-suites/ql-code-scanning.qls --compilation-cache "${{ steps.query-cache.outputs.cache-dir }}"
env:
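Review bot: In `./ql/target/release/buramu | tee deprecated.blame` the exit status of the pipeline is that of `tee`, so a crash or non-zero exit of `buramu` goes unnoticed unless `pipefail` is active, and this hunk shows no `shell: bash` on the step. Either set `shell: bash` explicitly on the step or redirect with `./ql/target/release/buramu > deprecated.blame` and print the file separately, so that a failed blame extraction stops the job instead of producing an empty or partial `deprecated.blame` for the extractor to parse.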
@@ -65,6 +63,7 @@ jobs:
LGTM_INDEX_FILTERS: |
exclude:ql/ql/test
exclude:*/ql/lib/upgrades/
exclude:java/ql/integration-tests
- name: Upload sarif to code-scanning
uses: github/codeql-action/upload-sarif@v2
with:

View File

@@ -2,9 +2,9 @@
/csharp/ @github/codeql-csharp
/go/ @github/codeql-go
/java/ @github/codeql-java
/javascript/ @github/codeql-javascript
/python/ @github/codeql-python
/ruby/ @github/codeql-ruby
/javascript/ @github/codeql-dynamic
/python/ @github/codeql-dynamic
/ruby/ @github/codeql-dynamic
/swift/ @github/codeql-swift
/java/kotlin-extractor/ @github/codeql-kotlin
/java/kotlin-explorer/ @github/codeql-kotlin
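Review bot: `/javascript/`, `/python/` and `/ruby/` now all resolve to `@github/codeql-dynamic`, so the three per-language teams are no longer requested as owners of their own directories. Confirm before merging that `@github/codeql-dynamic` exists and has write access to the repository; an owner entry naming a team without write access is not applied, which would leave these paths without a required owner review.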

View File

@@ -131,6 +131,14 @@ namespace Semmle.Autobuild.Cpp.Tests
bool IBuildActions.IsWindows() => IsWindows;
public bool IsMacOs { get; set; }
bool IBuildActions.IsMacOs() => IsMacOs;
public bool IsArm { get; set; }
bool IBuildActions.IsArm() => IsArm;
string IBuildActions.PathCombine(params string[] parts)
{
return string.Join(IsWindows ? '\\' : '/', parts.Where(p => !string.IsNullOrWhiteSpace(p)));

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-all
version: 0.5.3
version: 0.5.4-dev
groups: cpp
dbscheme: semmlecode.cpp.dbscheme
extractor: cpp

View File

@@ -1,5 +1,5 @@
name: codeql/cpp-queries
version: 0.5.3
version: 0.5.4-dev
groups:
- cpp
- queries

View File

@@ -145,6 +145,14 @@ namespace Semmle.Autobuild.CSharp.Tests
bool IBuildActions.IsWindows() => IsWindows;
public bool IsMacOs { get; set; }
bool IBuildActions.IsMacOs() => IsMacOs;
public bool IsArm { get; set; }
bool IBuildActions.IsArm() => IsArm;
public string PathCombine(params string[] parts)
{
return string.Join(IsWindows ? '\\' : '/', parts.Where(p => !string.IsNullOrWhiteSpace(p)));

View File

@@ -7,6 +7,7 @@ using System.Xml;
using System.Net.Http;
using System.Diagnostics.CodeAnalysis;
using System.Threading.Tasks;
using System.Runtime.InteropServices;
namespace Semmle.Autobuild.Shared
{
@@ -98,6 +99,18 @@ namespace Semmle.Autobuild.Shared
/// </summary>
bool IsWindows();
/// <summary>
/// Gets a value indicating whether we are running on macOS.
/// </summary>
/// <returns>True if we are running on macOS.</returns>
bool IsMacOs();
/// <summary>
/// Gets a value indicating whether we are running on arm.
/// </summary>
/// <returns>True if we are running on arm.</returns>
bool IsArm();
/// <summary>
/// Combine path segments, Path.Combine().
/// </summary>
@@ -203,6 +216,12 @@ namespace Semmle.Autobuild.Shared
bool IBuildActions.IsWindows() => Win32.IsWindows();
bool IBuildActions.IsMacOs() => RuntimeInformation.IsOSPlatform(OSPlatform.OSX);
bool IBuildActions.IsArm() =>
RuntimeInformation.ProcessArchitecture == Architecture.Arm64 ||
RuntimeInformation.ProcessArchitecture == Architecture.Arm;
string IBuildActions.PathCombine(params string[] parts) => Path.Combine(parts);
void IBuildActions.WriteAllText(string filename, string contents) => File.WriteAllText(filename, contents);
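Review bot: `IsArm()` tests `RuntimeInformation.ProcessArchitecture`, which reports the architecture of the running process rather than of the machine. If the autobuilder is ever run as an x64 process under emulation on an Arm-based Mac, this returns false and `MsBuildCommand` falls back to plain `msbuild`, the case the fallback exists to avoid. Either document that the process architecture is the intended signal or consider `RuntimeInformation.OSArchitecture`, and have the interface doc comment ("running on arm") say that it covers both `Arm` and `Arm64`.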

View File

@@ -1,18 +1,36 @@
using Semmle.Util.Logging;
using System;
using System.Linq;
using System.Runtime.InteropServices;
namespace Semmle.Autobuild.Shared
{
internal static class MsBuildCommandExtensions
{
/// <summary>
/// Appends a call to msbuild.
/// </summary>
/// <param name="cmdBuilder"></param>
/// <param name="builder"></param>
/// <returns></returns>
public static CommandBuilder MsBuildCommand(this CommandBuilder cmdBuilder, IAutobuilder<AutobuildOptionsShared> builder)
{
var isArmMac = builder.Actions.IsMacOs() && builder.Actions.IsArm();
// mono doesn't ship with `msbuild` on Arm-based Macs, but we can fall back to
// msbuild that ships with `dotnet` which can be invoked with `dotnet msbuild`
// perhaps we should do this on all platforms?
return isArmMac ?
cmdBuilder.RunCommand("dotnet").Argument("msbuild") :
cmdBuilder.RunCommand("msbuild");
}
}
/// <summary>
/// A build rule using msbuild.
/// </summary>
public class MsBuildRule : IBuildRule<AutobuildOptionsShared>
{
/// <summary>
/// The name of the msbuild command.
/// </summary>
private const string msBuild = "msbuild";
public BuildScript Analyse(IAutobuilder<AutobuildOptionsShared> builder, bool auto)
{
if (!builder.ProjectsOrSolutionsToBuild.Any())
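Review bot: The XML doc on `MsBuildCommand` leaves both `<param>` tags and `<returns>` empty, and the only description of the fallback is an inline comment that ends in an open question ("perhaps we should do this on all platforms?"). Move the Arm-Mac rationale into the `<summary>`, fill in or drop the empty tags, and turn the question into a tracked issue rather than leaving it in the code.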
@@ -57,7 +75,7 @@ namespace Semmle.Autobuild.Shared
Script;
var nugetRestore = GetNugetRestoreScript();
var msbuildRestoreCommand = new CommandBuilder(builder.Actions).
RunCommand(msBuild).
MsBuildCommand(builder).
Argument("/t:restore").
QuoteArgument(projectOrSolution.FullPath);
@@ -95,7 +113,7 @@ namespace Semmle.Autobuild.Shared
command.RunCommand("set Platform=&& type NUL", quoteExe: false);
}
command.RunCommand(msBuild);
command.MsBuildCommand(builder);
command.QuoteArgument(projectOrSolution.FullPath);
var target = builder.Options.MsBuildTarget ?? "rebuild";

View File

@@ -65,6 +65,15 @@ namespace Semmle.Extraction.CSharp.Entities
trapFile.has_modifiers(target, Modifier.Create(cx, modifier));
}
private static void ExtractFieldModifiers(Context cx, TextWriter trapFile, IEntity key, IFieldSymbol symbol)
{
if (symbol.IsReadOnly)
HasModifier(cx, trapFile, key, Modifiers.Readonly);
if (symbol.IsRequired)
HasModifier(cx, trapFile, key, Modifiers.Required);
}
private static void ExtractNamedTypeModifiers(Context cx, TextWriter trapFile, IEntity key, ISymbol symbol)
{
if (symbol.Kind != SymbolKind.NamedType)
@@ -106,8 +115,11 @@ namespace Semmle.Extraction.CSharp.Entities
if (symbol.IsVirtual)
HasModifier(cx, trapFile, key, Modifiers.Virtual);
if (symbol.Kind == SymbolKind.Field && ((IFieldSymbol)symbol).IsReadOnly)
HasModifier(cx, trapFile, key, Modifiers.Readonly);
if (symbol is IFieldSymbol field)
ExtractFieldModifiers(cx, trapFile, key, field);
if (symbol.Kind == SymbolKind.Property && ((IPropertySymbol)symbol).IsRequired)
HasModifier(cx, trapFile, key, Modifiers.Required);
if (symbol.IsOverride)
HasModifier(cx, trapFile, key, Modifiers.Override);
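Review bot: The property check `symbol.Kind == SymbolKind.Property && ((IPropertySymbol)symbol).IsRequired` uses a kind test plus a cast, while the field branch right above it uses a type pattern (`symbol is IFieldSymbol field`). Write it as `symbol is IPropertySymbol property && property.IsRequired` so both branches read the same way and the cast cannot drift from the kind test.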

View File

@@ -13,6 +13,7 @@ internal static class Modifiers
public const string Public = "public";
public const string Readonly = "readonly";
public const string Record = "record";
public const string Required = "required";
public const string Ref = "ref";
public const string Sealed = "sealed";
public const string Static = "static";
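Review bot: `Required` is inserted between `Record` and `Ref`, which breaks the alphabetical order the surrounding constants follow (`Readonly`, `Record`, `Ref`, `Sealed`). Move it after `Ref`.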

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-all
version: 1.4.3
version: 1.4.4-dev
groups:
- csharp
- solorigate

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-solorigate-queries
version: 1.4.3
version: 1.4.4-dev
groups:
- csharp
- solorigate

View File

@@ -0,0 +1,13 @@
using System;
namespace Test
{
public class Program
{
public static int Main(string[] args)
{
Console.WriteLine("Hello world!");
return 0;
}
}
}

View File

@@ -0,0 +1,7 @@
<Project Sdk="Microsoft.NET.Sdk">
<PropertyGroup>
<OutputType>Exe</OutputType>
<TargetFramework>net4.0</TargetFramework>
</PropertyGroup>
</Project>

View File

@@ -0,0 +1,4 @@
from create_database_utils import *
# force CodeQL to use MSBuild by setting `LGTM_INDEX_MSBUILD_TARGET`
run_codeql_database_create([], test_db="default-db", db=None, lang="csharp", extra_env={ 'LGTM_INDEX_MSBUILD_TARGET': 'Build' })

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C# 11: Added library support for `checked` operators.

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* C# 11: Added extractor support for `required` fields and properties.

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-all
version: 0.5.3
version: 0.5.4-dev
groups: csharp
dbscheme: semmlecode.csharp.dbscheme
extractor: csharp

View File

@@ -435,8 +435,12 @@ class Destructor extends DotNet::Destructor, Callable, Member, Attributable, @de
* (`BinaryOperator`), or a conversion operator (`ConversionOperator`).
*/
class Operator extends Callable, Member, Attributable, @operator {
/** Gets the assembly name of this operator. */
string getAssemblyName() { operators(this, result, _, _, _, _) }
/**
* DEPRECATED: use `getFunctionName()` instead.
*
* Gets the assembly name of this operator.
*/
deprecated string getAssemblyName() { result = this.getFunctionName() }
override string getName() { operators(this, _, result, _, _, _) }
@@ -445,7 +449,7 @@ class Operator extends Callable, Member, Attributable, @operator {
/**
* Gets the metadata name of the operator, such as `op_implicit` or `op_RightShift`.
*/
string getFunctionName() { none() }
string getFunctionName() { operators(this, result, _, _, _, _) }
override ValueOrRefType getDeclaringType() { operators(this, _, _, result, _, _) }
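Review bot: `getFunctionName()` now reads the second column of `operators` instead of `none()`, and the per-class overrides with hard-coded names (`op_Addition`, `op_Implicit` and so on) are removed in the hunks that follow, so the result depends entirely on what the extractor writes. Add a library test that selects `getFunctionName()` for every operator class, the checked ones included, so that any difference between the extracted name and the previously hard-coded `op_*` values shows up as an expected-output diff.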
@@ -481,10 +485,11 @@ class RecordCloneMethod extends Method, DotNet::RecordCloneCallable {
* A user-defined unary operator - an operator taking one operand.
*
* Either a plus operator (`PlusOperator`), minus operator (`MinusOperator`),
* not operator (`NotOperator`), complement operator (`ComplementOperator`),
* true operator (`TrueOperator`), false operator (`FalseOperator`),
* increment operator (`IncrementOperator`), or decrement operator
* (`DecrementOperator`).
* checked minus operator (`CheckedMinusOperator`), not operator (`NotOperator`),
* complement operator (`ComplementOperator`), true operator (`TrueOperator`),
* false operator (`FalseOperator`), increment operator (`IncrementOperator`),
* checked increment operator (`CheckedIncrementOperator`), decrement operator
* (`DecrementOperator`) or checked decrement operator (`CheckedDecrementOperator`).
*/
class UnaryOperator extends Operator {
UnaryOperator() {
@@ -505,8 +510,6 @@ class UnaryOperator extends Operator {
class PlusOperator extends UnaryOperator {
PlusOperator() { this.getName() = "+" }
override string getFunctionName() { result = "op_UnaryPlus" }
override string getAPrimaryQlClass() { result = "PlusOperator" }
}
@@ -522,11 +525,24 @@ class PlusOperator extends UnaryOperator {
class MinusOperator extends UnaryOperator {
MinusOperator() { this.getName() = "-" }
override string getFunctionName() { result = "op_UnaryNegation" }
override string getAPrimaryQlClass() { result = "MinusOperator" }
}
/**
* A user-defined checked minus operator (`-`), for example
*
* ```csharp
* public static Widget operator checked -(Widget w) {
* ...
* }
* ```
*/
class CheckedMinusOperator extends UnaryOperator {
CheckedMinusOperator() { this.getName() = "checked -" }
override string getAPrimaryQlClass() { result = "CheckedMinusOperator" }
}
/**
* A user-defined not operator (`!`), for example
*
@@ -539,8 +555,6 @@ class MinusOperator extends UnaryOperator {
class NotOperator extends UnaryOperator {
NotOperator() { this.getName() = "!" }
override string getFunctionName() { result = "op_LogicalNot" }
override string getAPrimaryQlClass() { result = "NotOperator" }
}
@@ -556,8 +570,6 @@ class NotOperator extends UnaryOperator {
class ComplementOperator extends UnaryOperator {
ComplementOperator() { this.getName() = "~" }
override string getFunctionName() { result = "op_OnesComplement" }
override string getAPrimaryQlClass() { result = "ComplementOperator" }
}
@@ -573,11 +585,24 @@ class ComplementOperator extends UnaryOperator {
class IncrementOperator extends UnaryOperator {
IncrementOperator() { this.getName() = "++" }
override string getFunctionName() { result = "op_Increment" }
override string getAPrimaryQlClass() { result = "IncrementOperator" }
}
/**
* A user-defined checked increment operator (`++`), for example
*
* ```csharp
* public static Widget operator checked ++(Widget w) {
* ...
* }
* ```
*/
class CheckedIncrementOperator extends UnaryOperator {
CheckedIncrementOperator() { this.getName() = "checked ++" }
override string getAPrimaryQlClass() { result = "CheckedIncrementOperator" }
}
/**
* A user-defined decrement operator (`--`), for example
*
@@ -590,11 +615,24 @@ class IncrementOperator extends UnaryOperator {
class DecrementOperator extends UnaryOperator {
DecrementOperator() { this.getName() = "--" }
override string getFunctionName() { result = "op_Decrement" }
override string getAPrimaryQlClass() { result = "DecrementOperator" }
}
/**
* A user-defined checked decrement operator (`--`), for example
*
* ```csharp
* public static Widget operator checked --(Widget w) {
* ...
* }
* ```
*/
class CheckedDecrementOperator extends UnaryOperator {
CheckedDecrementOperator() { this.getName() = "checked --" }
override string getAPrimaryQlClass() { result = "CheckedDecrementOperator" }
}
/**
* A user-defined false operator (`false`), for example
*
@@ -607,8 +645,6 @@ class DecrementOperator extends UnaryOperator {
class FalseOperator extends UnaryOperator {
FalseOperator() { this.getName() = "false" }
override string getFunctionName() { result = "op_False" }
override string getAPrimaryQlClass() { result = "FalseOperator" }
}
@@ -624,17 +660,18 @@ class FalseOperator extends UnaryOperator {
class TrueOperator extends UnaryOperator {
TrueOperator() { this.getName() = "true" }
override string getFunctionName() { result = "op_True" }
override string getAPrimaryQlClass() { result = "TrueOperator" }
}
/**
* A user-defined binary operator.
*
* Either an addition operator (`AddOperator`), a subtraction operator
* (`SubOperator`), a multiplication operator (`MulOperator`), a division
* operator (`DivOperator`), a remainder operator (`RemOperator`), an and
* Either an addition operator (`AddOperator`), a checked addition operator
* (`CheckedAddOperator`) a subtraction operator (`SubOperator`), a checked
* substraction operator (`CheckedSubOperator`), a multiplication operator
* (`MulOperator`), a checked multiplication operator (`CheckedMulOperator`),
* a division operator (`DivOperator`), a checked division operator
* (`CheckedDivOperator`), a remainder operator (`RemOperator`), an and
* operator (`AndOperator`), an or operator (`OrOperator`), an xor
* operator (`XorOperator`), a left shift operator (`LeftShiftOperator`),
* a right shift operator (`RightShiftOperator`), an unsigned right shift
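Review bot: The updated `BinaryOperator` doc comment misspells "subtraction" as "substraction" in the `CheckedSubOperator` entry and is missing the comma after "(`CheckedAddOperator`)". Fix both before merging.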
@@ -659,11 +696,24 @@ class BinaryOperator extends Operator {
class AddOperator extends BinaryOperator {
AddOperator() { this.getName() = "+" }
override string getFunctionName() { result = "op_Addition" }
override string getAPrimaryQlClass() { result = "AddOperator" }
}
/**
* A user-defined checked addition operator (`+`), for example
*
* ```csharp
* public static Widget operator checked +(Widget lhs, Widget rhs) {
* ...
* }
* ```
*/
class CheckedAddOperator extends BinaryOperator {
CheckedAddOperator() { this.getName() = "checked +" }
override string getAPrimaryQlClass() { result = "CheckedAddOperator" }
}
/**
* A user-defined subtraction operator (`-`), for example
*
@@ -676,11 +726,24 @@ class AddOperator extends BinaryOperator {
class SubOperator extends BinaryOperator {
SubOperator() { this.getName() = "-" }
override string getFunctionName() { result = "op_Subtraction" }
override string getAPrimaryQlClass() { result = "SubOperator" }
}
/**
* A user-defined checked subtraction operator (`-`), for example
*
* ```csharp
* public static Widget operator checked -(Widget lhs, Widget rhs) {
* ...
* }
* ```
*/
class CheckedSubOperator extends BinaryOperator {
CheckedSubOperator() { this.getName() = "checked -" }
override string getAPrimaryQlClass() { result = "CheckedSubOperator" }
}
/**
* A user-defined multiplication operator (`*`), for example
*
@@ -693,11 +756,24 @@ class SubOperator extends BinaryOperator {
class MulOperator extends BinaryOperator {
MulOperator() { this.getName() = "*" }
override string getFunctionName() { result = "op_Multiply" }
override string getAPrimaryQlClass() { result = "MulOperator" }
}
/**
* A user-defined checked multiplication operator (`*`), for example
*
* ```csharp
* public static Widget operator checked *(Widget lhs, Widget rhs) {
* ...
* }
* ```
*/
class CheckedMulOperator extends BinaryOperator {
CheckedMulOperator() { this.getName() = "checked *" }
override string getAPrimaryQlClass() { result = "CheckedMulOperator" }
}
/**
* A user-defined division operator (`/`), for example
*
@@ -710,11 +786,24 @@ class MulOperator extends BinaryOperator {
class DivOperator extends BinaryOperator {
DivOperator() { this.getName() = "/" }
override string getFunctionName() { result = "op_Division" }
override string getAPrimaryQlClass() { result = "DivOperator" }
}
/**
* A user-defined checked division operator (`/`), for example
*
* ```csharp
* public static Widget operator checked /(Widget lhs, Widget rhs) {
* ...
* }
* ```
*/
class CheckedDivOperator extends BinaryOperator {
CheckedDivOperator() { this.getName() = "checked /" }
override string getAPrimaryQlClass() { result = "CheckedDivOperator" }
}
/**
* A user-defined remainder operator (`%`), for example
*
@@ -727,8 +816,6 @@ class DivOperator extends BinaryOperator {
class RemOperator extends BinaryOperator {
RemOperator() { this.getName() = "%" }
override string getFunctionName() { result = "op_Modulus" }
override string getAPrimaryQlClass() { result = "RemOperator" }
}
@@ -744,8 +831,6 @@ class RemOperator extends BinaryOperator {
class AndOperator extends BinaryOperator {
AndOperator() { this.getName() = "&" }
override string getFunctionName() { result = "op_BitwiseAnd" }
override string getAPrimaryQlClass() { result = "AndOperator" }
}
@@ -761,8 +846,6 @@ class AndOperator extends BinaryOperator {
class OrOperator extends BinaryOperator {
OrOperator() { this.getName() = "|" }
override string getFunctionName() { result = "op_BitwiseOr" }
override string getAPrimaryQlClass() { result = "OrOperator" }
}
@@ -778,8 +861,6 @@ class OrOperator extends BinaryOperator {
class XorOperator extends BinaryOperator {
XorOperator() { this.getName() = "^" }
override string getFunctionName() { result = "op_ExclusiveOr" }
override string getAPrimaryQlClass() { result = "XorOperator" }
}
@@ -795,8 +876,6 @@ class XorOperator extends BinaryOperator {
class LeftShiftOperator extends BinaryOperator {
LeftShiftOperator() { this.getName() = "<<" }
override string getFunctionName() { result = "op_LeftShift" }
override string getAPrimaryQlClass() { result = "LeftShiftOperator" }
}
@@ -815,8 +894,6 @@ deprecated class LShiftOperator = LeftShiftOperator;
class RightShiftOperator extends BinaryOperator {
RightShiftOperator() { this.getName() = ">>" }
override string getFunctionName() { result = "op_RightShift" }
override string getAPrimaryQlClass() { result = "RightShiftOperator" }
}
@@ -835,8 +912,6 @@ deprecated class RShiftOperator = RightShiftOperator;
class UnsignedRightShiftOperator extends BinaryOperator {
UnsignedRightShiftOperator() { this.getName() = ">>>" }
override string getFunctionName() { result = "op_UnsignedRightShift" }
override string getAPrimaryQlClass() { result = "UnsignedRightShiftOperator" }
}
@@ -852,8 +927,6 @@ class UnsignedRightShiftOperator extends BinaryOperator {
class EQOperator extends BinaryOperator {
EQOperator() { this.getName() = "==" }
override string getFunctionName() { result = "op_Equality" }
override string getAPrimaryQlClass() { result = "EQOperator" }
}
@@ -869,8 +942,6 @@ class EQOperator extends BinaryOperator {
class NEOperator extends BinaryOperator {
NEOperator() { this.getName() = "!=" }
override string getFunctionName() { result = "op_Inequality" }
override string getAPrimaryQlClass() { result = "NEOperator" }
}
@@ -886,8 +957,6 @@ class NEOperator extends BinaryOperator {
class LTOperator extends BinaryOperator {
LTOperator() { this.getName() = "<" }
override string getFunctionName() { result = "op_LessThan" }
override string getAPrimaryQlClass() { result = "LTOperator" }
}
@@ -903,8 +972,6 @@ class LTOperator extends BinaryOperator {
class GTOperator extends BinaryOperator {
GTOperator() { this.getName() = ">" }
override string getFunctionName() { result = "op_GreaterThan" }
override string getAPrimaryQlClass() { result = "GTOperator" }
}
@@ -920,8 +987,6 @@ class GTOperator extends BinaryOperator {
class LEOperator extends BinaryOperator {
LEOperator() { this.getName() = "<=" }
override string getFunctionName() { result = "op_LessThanOrEqual" }
override string getAPrimaryQlClass() { result = "LEOperator" }
}
@@ -937,8 +1002,6 @@ class LEOperator extends BinaryOperator {
class GEOperator extends BinaryOperator {
GEOperator() { this.getName() = ">=" }
override string getFunctionName() { result = "op_GreaterThanOrEqual" }
override string getAPrimaryQlClass() { result = "GEOperator" }
}
@@ -954,7 +1017,8 @@ class GEOperator extends BinaryOperator {
class ConversionOperator extends Operator {
ConversionOperator() {
this.getName() = "implicit conversion" or
this.getName() = "explicit conversion"
this.getName() = "explicit conversion" or
this.getName() = "checked explicit conversion"
}
/** Gets the source type of the conversion. */
@@ -976,8 +1040,6 @@ class ConversionOperator extends Operator {
class ImplicitConversionOperator extends ConversionOperator {
ImplicitConversionOperator() { this.getName() = "implicit conversion" }
override string getFunctionName() { result = "op_Implicit" }
override string getAPrimaryQlClass() { result = "ImplicitConversionOperator" }
}
@@ -993,11 +1055,24 @@ class ImplicitConversionOperator extends ConversionOperator {
class ExplicitConversionOperator extends ConversionOperator {
ExplicitConversionOperator() { this.getName() = "explicit conversion" }
override string getFunctionName() { result = "op_Explicit" }
override string getAPrimaryQlClass() { result = "ExplicitConversionOperator" }
}
/**
* A user-defined checked explicit conversion operator, for example
*
* ```csharp
* public static explicit operator checked int(BigInteger i) {
* ...
* }
* ```
*/
class CheckedExplicitConversionOperator extends ConversionOperator {
CheckedExplicitConversionOperator() { this.getName() = "checked explicit conversion" }
override string getAPrimaryQlClass() { result = "CheckedExplicitConversionOperator" }
}
/**
* A local function, defined within the scope of another callable.
* For example, `Fac` on lines 2--4 in
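Review bot: `CheckedExplicitConversionOperator` extends `ConversionOperator` rather than `ExplicitConversionOperator`, and the other `Checked*Operator` classes likewise sit beside their unchecked counterparts instead of under them, so an existing query written against `ExplicitConversionOperator` or `AddOperator` will not match the checked variants. If that separation is deliberate, state it in each class's doc comment and in the change note so query authors know to match both forms.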

View File

@@ -90,6 +90,9 @@ class Modifiable extends Declaration, @modifiable {
/** Holds if this declaration is `const`. */
predicate isConst() { this.hasModifier("const") }
/** Holds if this declaration has the modifier `required`. */
predicate isRequired() { this.hasModifier("required") }
/** Holds if this declaration is `unsafe`. */
predicate isUnsafe() {
this.hasModifier("unsafe") or
@@ -178,6 +181,8 @@ class Member extends DotNet::Member, Modifiable, @member {
override predicate isAbstract() { Modifiable.super.isAbstract() }
override predicate isStatic() { Modifiable.super.isStatic() }
override predicate isRequired() { Modifiable.super.isRequired() }
}
private class TOverridable = @virtualizable or @callable_accessor;

View File

@@ -80,6 +80,9 @@ class Member extends Declaration, @dotnet_member {
/** Holds if this member is `static`. */
predicate isStatic() { none() }
/** Holds if this member is declared `required`. */
predicate isRequired() { none() }
/**
* Holds if this member has name `name` and is defined in type `type`
* with namespace `namespace`.

View File

@@ -1,5 +1,5 @@
name: codeql/csharp-queries
version: 0.5.3
version: 0.5.4-dev
groups:
- csharp
- queries

View File

@@ -0,0 +1,56 @@
namespace CheckedOperators;
public class Number
{
public int Value { get; }
public Number(int n) => this.Value = n;
public static Number operator checked +(Number n1, Number n2) =>
new Number(checked(n1.Value + n2.Value));
public static Number operator +(Number n1, Number n2) =>
new Number(n1.Value + n2.Value);
public static Number operator checked -(Number n1, Number n2) =>
new Number(checked(n1.Value - n2.Value));
public static Number operator -(Number n1, Number n2) =>
new Number(n1.Value - n2.Value);
public static Number operator checked *(Number n1, Number n2) =>
new Number(checked(n1.Value * n2.Value));
public static Number operator *(Number n1, Number n2) =>
new Number(n1.Value * n2.Value);
public static Number operator checked /(Number n1, Number n2) =>
new Number(checked(n1.Value / n2.Value));
public static Number operator /(Number n1, Number n2) =>
new Number(n1.Value / n2.Value);
public static Number operator checked -(Number n) =>
new Number(checked(-n.Value));
public static Number operator -(Number n) =>
new Number(-n.Value);
public static Number operator checked ++(Number n) =>
new Number(checked(n.Value + 1));
public static Number operator ++(Number n) =>
new Number(n.Value + 1);
public static Number operator checked --(Number n) =>
new Number(checked(n.Value - 1));
public static Number operator --(Number n) =>
new Number(n.Value - 1);
public static explicit operator short(Number n) =>
(short)n.Value;
public static explicit operator checked short(Number n) =>
checked((short)n.Value);
}
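Review bot: `CheckedOperators.cs` only declares the operators; nothing in the file applies them inside a `checked(...)` or `unchecked(...)` context, so the test does not show which declaration an operator call resolves to. Add a few call sites, for example `checked(a + b)` and `unchecked(a + b)` on two `Number` values, so the expected output pins the call target for both forms.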

View File

@@ -1,3 +1,221 @@
CheckedOperators.cs:
# 1| [NamespaceDeclaration] namespace ... { ... }
# 3| 1: [Class] Number
# 5| 4: [Property] Value
# 5| -1: [TypeMention] int
# 5| 3: [Getter] get_Value
# 7| 5: [InstanceConstructor] Number
#-----| 2: (Parameters)
# 7| 0: [Parameter] n
# 7| -1: [TypeMention] int
# 7| 4: [AssignExpr] ... = ...
# 7| 0: [PropertyCall] access to property Value
# 7| -1: [ThisAccess] this access
# 7| 1: [ParameterAccess] access to parameter n
# 9| 6: [CheckedAddOperator] checked +
# 9| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 9| 0: [Parameter] n1
# 9| -1: [TypeMention] Number
# 9| 1: [Parameter] n2
# 9| -1: [TypeMention] Number
# 10| 4: [ObjectCreation] object creation of type Number
# 10| -1: [TypeMention] Number
# 10| 0: [CheckedExpr] checked (...)
# 10| 0: [AddExpr] ... + ...
# 10| 0: [PropertyCall] access to property Value
# 10| -1: [ParameterAccess] access to parameter n1
# 10| 1: [PropertyCall] access to property Value
# 10| -1: [ParameterAccess] access to parameter n2
# 12| 7: [AddOperator] +
# 12| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 12| 0: [Parameter] n1
# 12| -1: [TypeMention] Number
# 12| 1: [Parameter] n2
# 12| -1: [TypeMention] Number
# 13| 4: [ObjectCreation] object creation of type Number
# 13| -1: [TypeMention] Number
# 13| 0: [AddExpr] ... + ...
# 13| 0: [PropertyCall] access to property Value
# 13| -1: [ParameterAccess] access to parameter n1
# 13| 1: [PropertyCall] access to property Value
# 13| -1: [ParameterAccess] access to parameter n2
# 15| 8: [CheckedSubOperator] checked -
# 15| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 15| 0: [Parameter] n1
# 15| -1: [TypeMention] Number
# 15| 1: [Parameter] n2
# 15| -1: [TypeMention] Number
# 16| 4: [ObjectCreation] object creation of type Number
# 16| -1: [TypeMention] Number
# 16| 0: [CheckedExpr] checked (...)
# 16| 0: [SubExpr] ... - ...
# 16| 0: [PropertyCall] access to property Value
# 16| -1: [ParameterAccess] access to parameter n1
# 16| 1: [PropertyCall] access to property Value
# 16| -1: [ParameterAccess] access to parameter n2
# 18| 9: [SubOperator] -
# 18| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 18| 0: [Parameter] n1
# 18| -1: [TypeMention] Number
# 18| 1: [Parameter] n2
# 18| -1: [TypeMention] Number
# 19| 4: [ObjectCreation] object creation of type Number
# 19| -1: [TypeMention] Number
# 19| 0: [SubExpr] ... - ...
# 19| 0: [PropertyCall] access to property Value
# 19| -1: [ParameterAccess] access to parameter n1
# 19| 1: [PropertyCall] access to property Value
# 19| -1: [ParameterAccess] access to parameter n2
# 21| 10: [CheckedMulOperator] checked *
# 21| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 21| 0: [Parameter] n1
# 21| -1: [TypeMention] Number
# 21| 1: [Parameter] n2
# 21| -1: [TypeMention] Number
# 22| 4: [ObjectCreation] object creation of type Number
# 22| -1: [TypeMention] Number
# 22| 0: [CheckedExpr] checked (...)
# 22| 0: [MulExpr] ... * ...
# 22| 0: [PropertyCall] access to property Value
# 22| -1: [ParameterAccess] access to parameter n1
# 22| 1: [PropertyCall] access to property Value
# 22| -1: [ParameterAccess] access to parameter n2
# 24| 11: [MulOperator] *
# 24| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 24| 0: [Parameter] n1
# 24| -1: [TypeMention] Number
# 24| 1: [Parameter] n2
# 24| -1: [TypeMention] Number
# 25| 4: [ObjectCreation] object creation of type Number
# 25| -1: [TypeMention] Number
# 25| 0: [MulExpr] ... * ...
# 25| 0: [PropertyCall] access to property Value
# 25| -1: [ParameterAccess] access to parameter n1
# 25| 1: [PropertyCall] access to property Value
# 25| -1: [ParameterAccess] access to parameter n2
# 27| 12: [CheckedDivOperator] checked /
# 27| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 27| 0: [Parameter] n1
# 27| -1: [TypeMention] Number
# 27| 1: [Parameter] n2
# 27| -1: [TypeMention] Number
# 28| 4: [ObjectCreation] object creation of type Number
# 28| -1: [TypeMention] Number
# 28| 0: [CheckedExpr] checked (...)
# 28| 0: [DivExpr] ... / ...
# 28| 0: [PropertyCall] access to property Value
# 28| -1: [ParameterAccess] access to parameter n1
# 28| 1: [PropertyCall] access to property Value
# 28| -1: [ParameterAccess] access to parameter n2
# 30| 13: [DivOperator] /
# 30| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 30| 0: [Parameter] n1
# 30| -1: [TypeMention] Number
# 30| 1: [Parameter] n2
# 30| -1: [TypeMention] Number
# 31| 4: [ObjectCreation] object creation of type Number
# 31| -1: [TypeMention] Number
# 31| 0: [DivExpr] ... / ...
# 31| 0: [PropertyCall] access to property Value
# 31| -1: [ParameterAccess] access to parameter n1
# 31| 1: [PropertyCall] access to property Value
# 31| -1: [ParameterAccess] access to parameter n2
# 33| 14: [CheckedMinusOperator] checked -
# 33| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 33| 0: [Parameter] n
# 33| -1: [TypeMention] Number
# 34| 4: [ObjectCreation] object creation of type Number
# 34| -1: [TypeMention] Number
# 34| 0: [CheckedExpr] checked (...)
# 34| 0: [UnaryMinusExpr] -...
# 34| 0: [PropertyCall] access to property Value
# 34| -1: [ParameterAccess] access to parameter n
# 36| 15: [MinusOperator] -
# 36| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 36| 0: [Parameter] n
# 36| -1: [TypeMention] Number
# 37| 4: [ObjectCreation] object creation of type Number
# 37| -1: [TypeMention] Number
# 37| 0: [UnaryMinusExpr] -...
# 37| 0: [PropertyCall] access to property Value
# 37| -1: [ParameterAccess] access to parameter n
# 39| 16: [CheckedIncrementOperator] checked ++
# 39| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 39| 0: [Parameter] n
# 39| -1: [TypeMention] Number
# 40| 4: [ObjectCreation] object creation of type Number
# 40| -1: [TypeMention] Number
# 40| 0: [CheckedExpr] checked (...)
# 40| 0: [AddExpr] ... + ...
# 40| 0: [PropertyCall] access to property Value
# 40| -1: [ParameterAccess] access to parameter n
# 40| 1: [IntLiteral] 1
# 42| 17: [IncrementOperator] ++
# 42| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 42| 0: [Parameter] n
# 42| -1: [TypeMention] Number
# 43| 4: [ObjectCreation] object creation of type Number
# 43| -1: [TypeMention] Number
# 43| 0: [AddExpr] ... + ...
# 43| 0: [PropertyCall] access to property Value
# 43| -1: [ParameterAccess] access to parameter n
# 43| 1: [IntLiteral] 1
# 45| 18: [CheckedDecrementOperator] checked --
# 45| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 45| 0: [Parameter] n
# 45| -1: [TypeMention] Number
# 46| 4: [ObjectCreation] object creation of type Number
# 46| -1: [TypeMention] Number
# 46| 0: [CheckedExpr] checked (...)
# 46| 0: [SubExpr] ... - ...
# 46| 0: [PropertyCall] access to property Value
# 46| -1: [ParameterAccess] access to parameter n
# 46| 1: [IntLiteral] 1
# 48| 19: [DecrementOperator] --
# 48| -1: [TypeMention] Number
#-----| 2: (Parameters)
# 48| 0: [Parameter] n
# 48| -1: [TypeMention] Number
# 49| 4: [ObjectCreation] object creation of type Number
# 49| -1: [TypeMention] Number
# 49| 0: [SubExpr] ... - ...
# 49| 0: [PropertyCall] access to property Value
# 49| -1: [ParameterAccess] access to parameter n
# 49| 1: [IntLiteral] 1
# 51| 20: [ExplicitConversionOperator] explicit conversion
# 51| -1: [TypeMention] short
#-----| 2: (Parameters)
# 51| 0: [Parameter] n
# 51| -1: [TypeMention] Number
# 52| 4: [CastExpr] (...) ...
# 52| 0: [TypeAccess] access to type Int16
# 52| 0: [TypeMention] short
# 52| 1: [PropertyCall] access to property Value
# 52| -1: [ParameterAccess] access to parameter n
# 54| 21: [CheckedExplicitConversionOperator] checked explicit conversion
# 54| -1: [TypeMention] short
#-----| 2: (Parameters)
# 54| 0: [Parameter] n
# 54| -1: [TypeMention] Number
# 55| 4: [CheckedExpr] checked (...)
# 55| 0: [CastExpr] (...) ...
# 55| 0: [TypeAccess] access to type Int16
# 55| 0: [TypeMention] short
# 55| 1: [PropertyCall] access to property Value
# 55| -1: [ParameterAccess] access to parameter n
GenericAttribute.cs:
# 3| [GenericAssemblyAttribute] [assembly: MyGeneric<Int32>(...)]
# 3| 0: [TypeMention] MyGenericAttribute<int>
@@ -439,6 +657,97 @@ RelaxedShift.cs:
# 30| 1: [OperatorCall] call to operator >>>
# 30| 0: [LocalVariableAccess] access to local variable n31
# 30| 1: [StringLiteralUtf16] "3"
RequiredMembers.cs:
# 4| [Class] ClassRequiredMembers
# 6| 4: [Field] RequiredField
# 6| -1: [TypeMention] object
# 7| 5: [Property] RequiredProperty
# 7| -1: [TypeMention] string
# 7| 3: [Getter] get_RequiredProperty
# 7| 4: [Setter] set_RequiredProperty
#-----| 2: (Parameters)
# 7| 0: [Parameter] value
# 8| 6: [Property] VirtualProperty
# 8| -1: [TypeMention] object
# 8| 3: [Getter] get_VirtualProperty
# 8| 4: [Setter] set_VirtualProperty
#-----| 2: (Parameters)
# 8| 0: [Parameter] value
# 10| 7: [InstanceConstructor] ClassRequiredMembers
# 10| 4: [BlockStmt] {...}
# 13| 8: [InstanceConstructor] ClassRequiredMembers
#-----| 0: (Attributes)
# 12| 1: [DefaultAttribute] [SetsRequiredMembers(...)]
# 12| 0: [TypeMention] SetsRequiredMembersAttribute
#-----| 2: (Parameters)
# 13| 0: [Parameter] requiredField
# 13| -1: [TypeMention] object
# 13| 1: [Parameter] requiredProperty
# 13| -1: [TypeMention] string
# 14| 4: [BlockStmt] {...}
# 15| 0: [ExprStmt] ...;
# 15| 0: [AssignExpr] ... = ...
# 15| 0: [FieldAccess] access to field RequiredField
# 15| 1: [ParameterAccess] access to parameter requiredField
# 16| 1: [ExprStmt] ...;
# 16| 0: [AssignExpr] ... = ...
# 16| 0: [PropertyCall] access to property RequiredProperty
# 16| 1: [ParameterAccess] access to parameter requiredProperty
# 20| [Class] ClassRequiredMembersSub
#-----| 3: (Base types)
# 20| 0: [TypeMention] ClassRequiredMembers
# 22| 4: [Property] VirtualProperty
# 22| -1: [TypeMention] object
# 22| 3: [Getter] get_VirtualProperty
# 22| 4: [Setter] set_VirtualProperty
#-----| 2: (Parameters)
# 22| 0: [Parameter] value
# 24| 5: [InstanceConstructor] ClassRequiredMembersSub
# 24| 3: [ConstructorInitializer] call to constructor ClassRequiredMembers
# 24| 4: [BlockStmt] {...}
# 27| 6: [InstanceConstructor] ClassRequiredMembersSub
#-----| 0: (Attributes)
# 26| 1: [DefaultAttribute] [SetsRequiredMembers(...)]
# 26| 0: [TypeMention] SetsRequiredMembersAttribute
#-----| 2: (Parameters)
# 27| 0: [Parameter] requiredField
# 27| -1: [TypeMention] object
# 27| 1: [Parameter] requiredProperty
# 27| -1: [TypeMention] string
# 27| 2: [Parameter] virtualProperty
# 27| -1: [TypeMention] object
# 27| 3: [ConstructorInitializer] call to constructor ClassRequiredMembers
# 27| 0: [ParameterAccess] access to parameter requiredField
# 27| 1: [ParameterAccess] access to parameter requiredProperty
# 28| 4: [BlockStmt] {...}
# 29| 0: [ExprStmt] ...;
# 29| 0: [AssignExpr] ... = ...
# 29| 0: [PropertyCall] access to property VirtualProperty
# 29| 1: [ParameterAccess] access to parameter virtualProperty
# 33| [RecordClass] RecordRequiredMembers
# 33| 12: [NEOperator] !=
#-----| 2: (Parameters)
# 33| 0: [Parameter] left
# 33| 1: [Parameter] right
# 33| 13: [EQOperator] ==
#-----| 2: (Parameters)
# 33| 0: [Parameter] left
# 33| 1: [Parameter] right
# 33| 14: [Property] EqualityContract
# 33| 3: [Getter] get_EqualityContract
# 35| 15: [Property] X
# 35| -1: [TypeMention] object
# 35| 3: [Getter] get_X
# 35| 4: [Setter] set_X
#-----| 2: (Parameters)
# 35| 0: [Parameter] value
# 38| [Struct] StructRequiredMembers
# 40| 5: [Property] Y
# 40| -1: [TypeMention] string
# 40| 3: [Getter] get_Y
# 40| 4: [Setter] set_Y
#-----| 2: (Parameters)
# 40| 0: [Parameter] value
Scoped.cs:
# 1| [Struct] S1
# 2| [Struct] S2

@@ -0,0 +1,42 @@
using System;
using System.Diagnostics.CodeAnalysis;
public class ClassRequiredMembers
{
public required object? RequiredField;
public required string? RequiredProperty { get; init; }
public virtual object? VirtualProperty { get; init; }
public ClassRequiredMembers() { }
[SetsRequiredMembers]
public ClassRequiredMembers(object requiredField, string requiredProperty)
{
RequiredField = requiredField;
RequiredProperty = requiredProperty;
}
}
public class ClassRequiredMembersSub : ClassRequiredMembers
{
public override required object? VirtualProperty { get; init; }
public ClassRequiredMembersSub() : base() { }
[SetsRequiredMembers]
public ClassRequiredMembersSub(object requiredField, string requiredProperty, object virtualProperty) : base(requiredField, requiredProperty)
{
VirtualProperty = virtualProperty;
}
}
public record RecordRequiredMembers
{
public required object? X { get; init; }
}
public struct StructRequiredMembers
{
public required string? Y { get; init; }
}
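
Review bot: The test file only declares `required` members and never constructs any of the four types, so no object initializer that sets `RequiredField`, `RequiredProperty`, `X` or `Y` is exercised. Consider adding a small method that uses an initializer such as `new StructRequiredMembers { Y = "y" }` and also calls one of the `[SetsRequiredMembers]` constructors, so both initialization paths appear in the extracted AST.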

@@ -0,0 +1,16 @@
| CheckedOperators.cs:9:43:9:43 | checked + | op_CheckedAddition | CheckedAddOperator |
| CheckedOperators.cs:12:35:12:35 | + | op_Addition | AddOperator |
| CheckedOperators.cs:15:43:15:43 | checked - | op_CheckedSubtraction | CheckedSubOperator |
| CheckedOperators.cs:18:35:18:35 | - | op_Subtraction | SubOperator |
| CheckedOperators.cs:21:43:21:43 | checked * | op_CheckedMultiply | CheckedMulOperator |
| CheckedOperators.cs:24:35:24:35 | * | op_Multiply | MulOperator |
| CheckedOperators.cs:27:43:27:43 | checked / | op_CheckedDivision | CheckedDivOperator |
| CheckedOperators.cs:30:35:30:35 | / | op_Division | DivOperator |
| CheckedOperators.cs:33:43:33:43 | checked - | op_CheckedUnaryNegation | CheckedMinusOperator |
| CheckedOperators.cs:36:35:36:35 | - | op_UnaryNegation | MinusOperator |
| CheckedOperators.cs:39:43:39:44 | checked ++ | op_CheckedIncrement | CheckedIncrementOperator |
| CheckedOperators.cs:42:35:42:36 | ++ | op_Increment | IncrementOperator |
| CheckedOperators.cs:45:43:45:44 | checked -- | op_CheckedDecrement | CheckedDecrementOperator |
| CheckedOperators.cs:48:35:48:36 | -- | op_Decrement | DecrementOperator |
| CheckedOperators.cs:51:28:51:35 | explicit conversion | op_Explicit | ExplicitConversionOperator |
| CheckedOperators.cs:54:28:54:35 | checked explicit conversion | op_CheckedExplicit | CheckedExplicitConversionOperator |

@@ -0,0 +1,5 @@
import csharp
from Operator o
where o.getFile().getStem() = "CheckedOperators"
select o, o.getFunctionName(), o.getAPrimaryQlClass()

@@ -0,0 +1,5 @@
| RequiredMembers.cs:6:29:6:41 | RequiredField | ClassRequiredMembers | Field |
| RequiredMembers.cs:7:29:7:44 | RequiredProperty | ClassRequiredMembers | Property |
| RequiredMembers.cs:22:38:22:52 | VirtualProperty | ClassRequiredMembersSub | Property |
| RequiredMembers.cs:35:29:35:29 | X | RecordRequiredMembers | Property |
| RequiredMembers.cs:40:29:40:29 | Y | StructRequiredMembers | Property |

@@ -0,0 +1,8 @@
import csharp
query predicate requiredmembers(Member m, string type, string qlclass) {
m.getFile().getStem() = "RequiredMembers" and
m.isRequired() and
type = m.getDeclaringType().getName() and
qlclass = m.getAPrimaryQlClass()
}

@@ -238,3 +238,7 @@
| ViableCallable.cs:458:10:458:14 | M5<> | ViableCallable.cs:444:23:444:27 | M2<> |
| ViableCallable.cs:475:10:475:12 | Run | ViableCallable.cs:468:10:468:11 | M2 |
| ViableCallable.cs:475:10:475:12 | Run | ViableCallable.cs:473:17:473:18 | M1 |
| ViableCallable.cs:492:10:492:12 | Run | ViableCallable.cs:487:32:487:32 | + |
| ViableCallable.cs:492:10:492:12 | Run | ViableCallable.cs:488:40:488:40 | checked + |
| ViableCallable.cs:492:10:492:12 | Run | ViableCallable.cs:489:28:489:35 | explicit conversion |
| ViableCallable.cs:492:10:492:12 | Run | ViableCallable.cs:490:28:490:35 | checked explicit conversion |

@@ -471,3 +471,7 @@
| ViableCallable.cs:461:9:461:30 | call to method M2<T> | C17.M2<T>(Func<T>) |
| ViableCallable.cs:478:9:478:14 | call to method M1 | C18.M1() |
| ViableCallable.cs:481:9:481:14 | call to method M2 | I2.M2() |
| ViableCallable.cs:495:18:495:22 | call to operator + | C19.+(C19, C19) |
| ViableCallable.cs:498:26:498:30 | call to operator checked + | C19.checked +(C19, C19) |
| ViableCallable.cs:501:18:501:23 | call to operator explicit conversion | C19.explicit conversion(C19) |
| ViableCallable.cs:504:26:504:31 | call to operator checked explicit conversion | C19.checked explicit conversion(C19) |

@@ -481,3 +481,26 @@ class C18 : I2
i.M2();
}
}
class C19
{
public static C19 operator +(C19 x, C19 y) => throw null;
public static C19 operator checked +(C19 x, C19 y) => throw null;
public static explicit operator int(C19 x) => throw null;
public static explicit operator checked int(C19 x) => throw null;
void Run(C19 c)
{
// Viable callables: C19.op_Addition()
var c1 = c + c;
// Viable callables: C19.op_CheckedAddition()
var c2 = checked(c + c);
// Viable callables: C19.op_Explicit()
var n1 = (int)c;
// Viable callables: C19.op_CheckedExplicit()
var n2 = checked((int)c);
}
}
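
Review bot: In `C19.Run` the checked operators are only reached through `checked(...)` expressions; a `checked { }` block statement is a second context in which `c + c` and `(int)c` should resolve to `op_CheckedAddition` and `op_CheckedExplicit`. Adding one call inside a `checked` block, and one inside `unchecked(...)` that is expected to resolve to the regular operator, would pin down the dispatch logic more tightly.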

@@ -268,3 +268,7 @@
| ViableCallable.cs:423:9:423:21 | call to method M<String> | M<> | A5 |
| ViableCallable.cs:478:9:478:14 | call to method M1 | M1 | C18 |
| ViableCallable.cs:481:9:481:14 | call to method M2 | M2 | I2 |
| ViableCallable.cs:495:18:495:22 | call to operator + | + | C19 |
| ViableCallable.cs:498:26:498:30 | call to operator checked + | checked + | C19 |
| ViableCallable.cs:501:18:501:23 | call to operator explicit conversion | explicit conversion | C19 |
| ViableCallable.cs:504:26:504:31 | call to operator checked explicit conversion | checked explicit conversion | C19 |

@@ -6,7 +6,11 @@ if [[ "$OSTYPE" == "linux-gnu"* ]]; then
dotnet_platform="linux-x64"
elif [[ "$OSTYPE" == "darwin"* ]]; then
platform="osx64"
if [[ $(uname -m) == 'arm64' ]]; then
dotnet_platform="osx-arm64"
else
dotnet_platform="osx-x64"
fi
else
echo "Unknown OS"
exit 1
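
Review bot: In the `darwin` branch, `platform` stays `"osx64"` for both architectures and only `dotnet_platform` follows `uname -m`. If `platform` selects anything architecture-specific later in the script, arm64 hosts would still get the x64 value; if it is deliberately architecture-neutral, a one-line comment saying so would save the next reader the question.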

@@ -17,7 +17,7 @@
.NET 5, .NET 6","``.sln``, ``.csproj``, ``.cs``, ``.cshtml``, ``.xaml``"
Go (aka Golang), "Go up to 1.20", "Go 1.11 or more recent", ``.go``
Java,"Java 7 to 19 [4]_","javac (OpenJDK and Oracle JDK),
Java,"Java 7 to 20 [4]_","javac (OpenJDK and Oracle JDK),
Eclipse compiler for Java (ECJ) [5]_",``.java``
Kotlin [6]_,"Kotlin 1.5.0 to 1.8.20","kotlinc",``.kt``
@@ -31,7 +31,7 @@
.. [1] C++20 support is currently in beta. Supported for GCC on Linux only. Modules are *not* supported.
.. [2] Support for the clang-cl compiler is preliminary.
.. [3] Support for the Arm Compiler (armcc) is preliminary.
.. [4] Builds that execute on Java 7 to 19 can be analyzed. The analysis understands Java 19 standard language features.
.. [4] Builds that execute on Java 7 to 20 can be analyzed. The analysis understands Java 20 standard language features.
.. [5] ECJ is supported when the build invokes it via the Maven Compiler plugin or the Takari Lifecycle plugin.
.. [6] Kotlin support is currently in beta.
.. [7] JSX and Flow code, YAML, JSON, HTML, and XML files may also be analyzed with JavaScript files.

@@ -1,5 +1,5 @@
name: codeql/go-all
version: 0.4.3
version: 0.4.4-dev
groups: go
dbscheme: go.dbscheme
extractor: go

@@ -56,14 +56,14 @@ private predicate isIncorrectIntegerConversion(int sourceBitSize, int sinkBitSiz
* integer types, which could cause unexpected values.
*/
class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
boolean sourceIsSigned;
boolean sinkIsSigned;
int sourceBitSize;
int sinkBitSize;
ConversionWithoutBoundsCheckConfig() {
sourceIsSigned in [true, false] and
sinkIsSigned in [true, false] and
isIncorrectIntegerConversion(sourceBitSize, sinkBitSize) and
this = "ConversionWithoutBoundsCheckConfig" + sourceBitSize + sourceIsSigned + sinkBitSize
this = "ConversionWithoutBoundsCheckConfig" + sourceBitSize + sinkIsSigned + sinkBitSize
}
/** Gets the bit size of the source. */
@@ -75,11 +75,6 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
|
c.getTarget() = ip and source = c.getResult(0)
|
(
if ip.getResultType(0) instanceof SignedIntegerType
then sourceIsSigned = true
else sourceIsSigned = false
) and
(
apparentBitSize = ip.getTargetBitSize()
or
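
Review bot: With the `ip.getResultType(0) instanceof SignedIntegerType` binding dropped here, the guard check further down depends only on the signedness of the sink. For a signed source (for example a `strconv.ParseInt` result) converted to an unsigned type, an upper-bound guard alone does not exclude negative values. Please confirm whether that case is still reported or is intentionally out of scope for this query, and add a test that shows the chosen behaviour.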
@@ -112,11 +107,14 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
predicate isSinkWithBitSize(DataFlow::TypeCastNode sink, int bitSize) {
sink.asExpr() instanceof ConversionExpr and
exists(IntegerType integerType | sink.getResultType().getUnderlyingType() = integerType |
(
bitSize = integerType.getSize()
or
not exists(integerType.getSize()) and
bitSize = getIntTypeBitSize(sink.getFile())
) and
if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false
) and
not exists(ShrExpr shrExpr |
shrExpr.getLeftOperand().getGlobalValueNumber() =
sink.getOperand().asExpr().getGlobalValueNumber() or
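
Review bot: `isSinkWithBitSize` now also binds the class field `sinkIsSigned` through the added `if integerType instanceof SignedIntegerType then sinkIsSigned = true else sinkIsSigned = false`, which neither the predicate name nor its two-argument signature conveys. A QLDoc line on the predicate (and on the `sinkIsSigned` field) stating that the sink's signedness is fixed here would make the dependency with `g.isBoundFor(bitSize, sinkIsSigned)` easier to follow.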
@@ -134,7 +132,7 @@ class ConversionWithoutBoundsCheckConfig extends TaintTracking::Configuration {
if sinkBitSize != 0 then bitSize = sinkBitSize else bitSize = 32
|
node = DataFlow::BarrierGuard<upperBoundCheckGuard/3>::getABarrierNodeForGuard(g) and
g.isBoundFor(bitSize, sourceIsSigned)
g.isBoundFor(bitSize, sinkIsSigned)
)
}

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query `go/incorrect-integer-conversion` now correctly recognises guards of the form `if val <= x` to protect a conversion `uintX(val)` when `x` is in the range `(math.MaxIntX, math.MaxUintX]`.

@@ -1,5 +1,5 @@
name: codeql/go-queries
version: 0.4.3
version: 0.4.4-dev
groups:
- go
- queries

@@ -7,7 +7,7 @@ func testing() {
nonvariadicDeclaredFunction([]int{})
}
func variadicDeclaredFunction(x ...int) int { // $ isVariadic
func variadicDeclaredFunction(x ...int) int {
a := make([]int, 0, 10)
y := append(x, a...)
print(x[0], x[1])
@@ -15,7 +15,7 @@ func variadicDeclaredFunction(x ...int) int { // $ isVariadic
fmt.Fprint(nil, nil, nil)
variadicFunctionLiteral := func(z ...int) int { return z[1] } // $ isVariadic
return variadicFunctionLiteral(y...)
}
} // $ isVariadic
func nonvariadicDeclaredFunction(x []int) int {
return 0
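
Review bot: Moving `// $ isVariadic` from the `func variadicDeclaredFunction(x ...int) int {` line to the closing `}` makes the expectation easy to misread as belonging to the function literal just above it, which carries its own `// $ isVariadic`. If the move is needed because the result is now matched against the end line of the declaration, a short comment next to the annotation saying so would help; otherwise keep it on the `func` line.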

@@ -59,7 +59,7 @@ func main() {
http.HandleFunc("/foo", handler) // $ handler="/foo"
http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) { // $ handler="/bar"
http.HandleFunc("/bar", func(w http.ResponseWriter, r *http.Request) {
fmt.Fprintf(w, "Hello, %q", html.EscapeString(r.URL.Path))
})
}) // $ handler="/bar"
}

@@ -264,6 +264,9 @@ func testBoundsChecking(input string) {
_ = int16(parsed)
}
}
if parsed <= math.MaxUint16 {
_ = uint16(parsed)
}
}
{
parsed, err := strconv.ParseUint(input, 10, 32)

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

@@ -0,0 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
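
Review bot: `distributionUrl` points at `gradle-7.6-bin.zip` but the file sets no `distributionSha256Sum`, so the wrapper will run whatever archive that URL returns. Adding the published SHA-256 for the 7.6 binary distribution as `distributionSha256Sum=` pins the download and makes the integration test fail closed if the archive ever differs.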

@@ -0,0 +1,244 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"
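
Review bot: `CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar` means this test executes a checked-in binary jar that cannot be read in the diff. Please note in the PR how the wrapper files were generated and verify the jar against Gradle's published wrapper checksum, so the reviewed script and the unreviewed jar are known to come from the same release.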

@@ -0,0 +1,92 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

@@ -1,5 +1,7 @@
import platform
from create_database_utils import *
gradle_cmd = "gradlew.bat" if platform.system() == "Windows" else "./gradlew"
run_codeql_database_create(
["gradle build --no-daemon --no-build-cache"], lang="java")
runSuccessfully([get_cmd("gradle"), "clean"])
["%s build --no-daemon --no-build-cache" % gradle_cmd], lang="java")
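
Review bot: The build now goes through `gradle_cmd`, but the `runSuccessfully([get_cmd("gradle"), "clean"])` line shown in this hunk calls the system `gradle`. If the clean step is kept it should use the wrapper as well, and if it is being removed the build outputs are left in place for the next run; either way the intent is worth a line in the commit message.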

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

@@ -0,0 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

@@ -0,0 +1,244 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"
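Review bot: the Java lookup in the branch where JAVA_HOME is unset uses `which java`, and `which` is not a POSIX utility, while the xargs check further down in the same script uses `command -v xargs`. On a minimal image without `which`, the script dies with the "no 'java' command could be found in your PATH" message even when java is on the PATH. `command -v java >/dev/null 2>&1 || die ...` would be consistent with the xargs check. Since this file is generated by Gradle, any change should come from regenerating the wrapper rather than from hand-editing this copy.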

View File

@@ -0,0 +1,92 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

View File

@@ -1,4 +1,7 @@
import platform
from create_database_utils import *
run_codeql_database_create(["gradle build --no-daemon --no-build-cache"], lang="java")
runSuccessfully([get_cmd("gradle"), "clean"])
gradle_cmd = "gradlew.bat" if platform.system() == "Windows" else "./gradlew"
run_codeql_database_create(
["%s build --no-daemon --no-build-cache" % gradle_cmd], lang="java")
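Review bot: on the non-Windows branch of `gradle_cmd` the build command is `./gradlew`, executed directly, so the test only works if the newly added `gradlew` script is committed with its executable bit set, which this view does not show. Confirm the file mode, or build the command as `sh ./gradlew` so the test does not depend on it.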

View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

View File

@@ -0,0 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists
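Review bot: `distributionUrl` points at gradle-7.6-bin.zip but the file has no `distributionSha256Sum` entry, so the wrapper downloads and runs the distribution without checking it against a pinned checksum. Add `distributionSha256Sum=` with the published SHA-256 of that zip next to `distributionUrl`. The test also now needs network access to services.gradle.org, where the old command line used the installed `gradle`, so confirm the CI runners allow that.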

View File

@@ -0,0 +1,244 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"
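Review bot: the comment above the final `eval` says "POSIX shell has neither arrays nor command substitution", but the header of this same file lists `$( cmd )` among the required POSIX features, and the `eval` itself wraps a `$( ... )`. The feature that is actually missing is process substitution, the `< <( ... )` in the Bash example. The wording comes from the Gradle template named in the header, so it is better reported upstream than patched in this copy.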

View File

@@ -0,0 +1,92 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

View File

@@ -1,4 +1,7 @@
import platform
from create_database_utils import *
run_codeql_database_create(["gradle build --no-daemon --no-build-cache"], lang="java")
runSuccessfully([get_cmd("gradle"), "clean"])
gradle_cmd = "gradlew.bat" if platform.system() == "Windows" else "./gradlew"
run_codeql_database_create(
["%s build --no-daemon --no-build-cache" % gradle_cmd], lang="java")

View File

@@ -0,0 +1,6 @@
#
# https://help.github.com/articles/dealing-with-line-endings/
#
# These are explicitly windows files and should use crlf
*.bat text eol=crlf

View File

@@ -0,0 +1,6 @@
distributionBase=GRADLE_USER_HOME
distributionPath=wrapper/dists
distributionUrl=https\://services.gradle.org/distributions/gradle-7.6-bin.zip
networkTimeout=10000
zipStoreBase=GRADLE_USER_HOME
zipStorePath=wrapper/dists

View File

@@ -0,0 +1,244 @@
#!/bin/sh
#
# Copyright © 2015-2021 the original authors.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
##############################################################################
#
# Gradle start up script for POSIX generated by Gradle.
#
# Important for running:
#
# (1) You need a POSIX-compliant shell to run this script. If your /bin/sh is
# noncompliant, but you have some other compliant shell such as ksh or
# bash, then to run this script, type that shell name before the whole
# command line, like:
#
# ksh Gradle
#
# Busybox and similar reduced shells will NOT work, because this script
# requires all of these POSIX shell features:
# * functions;
# * expansions «$var», «${var}», «${var:-default}», «${var+SET}»,
# «${var#prefix}», «${var%suffix}», and «$( cmd )»;
# * compound commands having a testable exit status, especially «case»;
# * various built-in commands including «command», «set», and «ulimit».
#
# Important for patching:
#
# (2) This script targets any POSIX shell, so it avoids extensions provided
# by Bash, Ksh, etc; in particular arrays are avoided.
#
# The "traditional" practice of packing multiple parameters into a
# space-separated string is a well documented source of bugs and security
# problems, so this is (mostly) avoided, by progressively accumulating
# options in "$@", and eventually passing that to Java.
#
# Where the inherited environment variables (DEFAULT_JVM_OPTS, JAVA_OPTS,
# and GRADLE_OPTS) rely on word-splitting, this is performed explicitly;
# see the in-line comments for details.
#
# There are tweaks for specific operating systems such as AIX, CygWin,
# Darwin, MinGW, and NonStop.
#
# (3) This script is generated from the Groovy template
# https://github.com/gradle/gradle/blob/HEAD/subprojects/plugins/src/main/resources/org/gradle/api/internal/plugins/unixStartScript.txt
# within the Gradle project.
#
# You can find Gradle at https://github.com/gradle/gradle/.
#
##############################################################################
# Attempt to set APP_HOME
# Resolve links: $0 may be a link
app_path=$0
# Need this for daisy-chained symlinks.
while
APP_HOME=${app_path%"${app_path##*/}"} # leaves a trailing /; empty if no leading path
[ -h "$app_path" ]
do
ls=$( ls -ld "$app_path" )
link=${ls#*' -> '}
case $link in #(
/*) app_path=$link ;; #(
*) app_path=$APP_HOME$link ;;
esac
done
# This is normally unused
# shellcheck disable=SC2034
APP_BASE_NAME=${0##*/}
APP_HOME=$( cd "${APP_HOME:-./}" && pwd -P ) || exit
# Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
# Use the maximum available, or set MAX_FD != -1 to use that value.
MAX_FD=maximum
warn () {
echo "$*"
} >&2
die () {
echo
echo "$*"
echo
exit 1
} >&2
# OS specific support (must be 'true' or 'false').
cygwin=false
msys=false
darwin=false
nonstop=false
case "$( uname )" in #(
CYGWIN* ) cygwin=true ;; #(
Darwin* ) darwin=true ;; #(
MSYS* | MINGW* ) msys=true ;; #(
NONSTOP* ) nonstop=true ;;
esac
CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
# Determine the Java command to use to start the JVM.
if [ -n "$JAVA_HOME" ] ; then
if [ -x "$JAVA_HOME/jre/sh/java" ] ; then
# IBM's JDK on AIX uses strange locations for the executables
JAVACMD=$JAVA_HOME/jre/sh/java
else
JAVACMD=$JAVA_HOME/bin/java
fi
if [ ! -x "$JAVACMD" ] ; then
die "ERROR: JAVA_HOME is set to an invalid directory: $JAVA_HOME
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
else
JAVACMD=java
which java >/dev/null 2>&1 || die "ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
Please set the JAVA_HOME variable in your environment to match the
location of your Java installation."
fi
# Increase the maximum file descriptors if we can.
if ! "$cygwin" && ! "$darwin" && ! "$nonstop" ; then
case $MAX_FD in #(
max*)
# In POSIX sh, ulimit -H is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
MAX_FD=$( ulimit -H -n ) ||
warn "Could not query maximum file descriptor limit"
esac
case $MAX_FD in #(
'' | soft) :;; #(
*)
# In POSIX sh, ulimit -n is undefined. That's why the result is checked to see if it worked.
# shellcheck disable=SC3045
ulimit -n "$MAX_FD" ||
warn "Could not set maximum file descriptor limit to $MAX_FD"
esac
fi
# Collect all arguments for the java command, stacking in reverse order:
# * args from the command line
# * the main class name
# * -classpath
# * -D...appname settings
# * --module-path (only if needed)
# * DEFAULT_JVM_OPTS, JAVA_OPTS, and GRADLE_OPTS environment variables.
# For Cygwin or MSYS, switch paths to Windows format before running java
if "$cygwin" || "$msys" ; then
APP_HOME=$( cygpath --path --mixed "$APP_HOME" )
CLASSPATH=$( cygpath --path --mixed "$CLASSPATH" )
JAVACMD=$( cygpath --unix "$JAVACMD" )
# Now convert the arguments - kludge to limit ourselves to /bin/sh
for arg do
if
case $arg in #(
-*) false ;; # don't mess with options #(
/?*) t=${arg#/} t=/${t%%/*} # looks like a POSIX filepath
[ -e "$t" ] ;; #(
*) false ;;
esac
then
arg=$( cygpath --path --ignore --mixed "$arg" )
fi
# Roll the args list around exactly as many times as the number of
# args, so each arg winds up back in the position where it started, but
# possibly modified.
#
# NB: a `for` loop captures its iteration list before it begins, so
# changing the positional parameters here affects neither the number of
# iterations, nor the values presented in `arg`.
shift # remove old arg
set -- "$@" "$arg" # push replacement arg
done
fi
# Collect all arguments for the java command;
# * $DEFAULT_JVM_OPTS, $JAVA_OPTS, and $GRADLE_OPTS can contain fragments of
# shell script including quotes and variable substitutions, so put them in
# double quotes to make sure that they get re-expanded; and
# * put everything else in single quotes, so that it's not re-expanded.
set -- \
"-Dorg.gradle.appname=$APP_BASE_NAME" \
-classpath "$CLASSPATH" \
org.gradle.wrapper.GradleWrapperMain \
"$@"
# Stop when "xargs" is not available.
if ! command -v xargs >/dev/null 2>&1
then
die "xargs is not available"
fi
# Use "xargs" to parse quoted args.
#
# With -n1 it outputs one arg per line, with the quotes and backslashes removed.
#
# In Bash we could simply go:
#
# readarray ARGS < <( xargs -n1 <<<"$var" ) &&
# set -- "${ARGS[@]}" "$@"
#
# but POSIX shell has neither arrays nor command substitution, so instead we
# post-process each arg (as a line of input to sed) to backslash-escape any
# character that might be a shell metacharacter, then use eval to reverse
# that process (while maintaining the separation between arguments), and wrap
# the whole thing up as a single "set" statement.
#
# This will of course break if any of these variables contains a newline or
# an unmatched quote.
#
eval "set -- $(
printf '%s\n' "$DEFAULT_JVM_OPTS $JAVA_OPTS $GRADLE_OPTS" |
xargs -n1 |
sed ' s~[^-[:alnum:]+,./:=@_]~\\&~g; ' |
tr '\n' ' '
)" '"$@"'
exec "$JAVACMD" "$@"

View File

@@ -0,0 +1,92 @@
@rem
@rem Copyright 2015 the original author or authors.
@rem
@rem Licensed under the Apache License, Version 2.0 (the "License");
@rem you may not use this file except in compliance with the License.
@rem You may obtain a copy of the License at
@rem
@rem https://www.apache.org/licenses/LICENSE-2.0
@rem
@rem Unless required by applicable law or agreed to in writing, software
@rem distributed under the License is distributed on an "AS IS" BASIS,
@rem WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
@rem See the License for the specific language governing permissions and
@rem limitations under the License.
@rem
@if "%DEBUG%"=="" @echo off
@rem ##########################################################################
@rem
@rem Gradle startup script for Windows
@rem
@rem ##########################################################################
@rem Set local scope for the variables with windows NT shell
if "%OS%"=="Windows_NT" setlocal
set DIRNAME=%~dp0
if "%DIRNAME%"=="" set DIRNAME=.
@rem This is normally unused
set APP_BASE_NAME=%~n0
set APP_HOME=%DIRNAME%
@rem Resolve any "." and ".." in APP_HOME to make it shorter.
for %%i in ("%APP_HOME%") do set APP_HOME=%%~fi
@rem Add default JVM options here. You can also use JAVA_OPTS and GRADLE_OPTS to pass JVM options to this script.
set DEFAULT_JVM_OPTS="-Xmx64m" "-Xms64m"
@rem Find java.exe
if defined JAVA_HOME goto findJavaFromJavaHome
set JAVA_EXE=java.exe
%JAVA_EXE% -version >NUL 2>&1
if %ERRORLEVEL% equ 0 goto execute
echo.
echo ERROR: JAVA_HOME is not set and no 'java' command could be found in your PATH.
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:findJavaFromJavaHome
set JAVA_HOME=%JAVA_HOME:"=%
set JAVA_EXE=%JAVA_HOME%/bin/java.exe
if exist "%JAVA_EXE%" goto execute
echo.
echo ERROR: JAVA_HOME is set to an invalid directory: %JAVA_HOME%
echo.
echo Please set the JAVA_HOME variable in your environment to match the
echo location of your Java installation.
goto fail
:execute
@rem Setup the command line
set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
@rem Execute Gradle
"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
:end
@rem End local scope for the variables with windows NT shell
if %ERRORLEVEL% equ 0 goto mainEnd
:fail
rem Set variable GRADLE_EXIT_CONSOLE if you need the _script_ return code instead of
rem the _cmd.exe /c_ return code!
set EXIT_CODE=%ERRORLEVEL%
if %EXIT_CODE% equ 0 set EXIT_CODE=1
if not ""=="%GRADLE_EXIT_CONSOLE%" exit %EXIT_CODE%
exit /b %EXIT_CODE%
:mainEnd
if "%OS%"=="Windows_NT" endlocal
:omega

View File

@@ -1,5 +1,7 @@
import platform
from create_database_utils import *
gradle_cmd = "gradlew.bat" if platform.system() == "Windows" else "./gradlew"
run_codeql_database_create(
["gradle build --no-daemon --no-build-cache --rerun-tasks"], lang="java")
runSuccessfully([get_cmd("gradle"), "clean"])
["%s build --no-daemon --no-build-cache" % gradle_cmd], lang="java")
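Review bot: the command line that moves to the wrapper loses `--rerun-tasks`: the old argument was `gradle build --no-daemon --no-build-cache --rerun-tasks` and the new one is `%s build --no-daemon --no-build-cache`. If the flag was there to force compilation to run so the extractor observes it, `--no-build-cache` alone does not cover up-to-date checks on a workspace that already has build output. Either keep `--rerun-tasks` in the new string or say in the commit message why it is no longer needed.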

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The query `java/hardcoded-credential-api-call` now recognizes methods that accept user and password from the SQLServerDataSource class of the Microsoft JDBC Driver for SQL Server.

View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* The Java extractor now supports builds against JDK 20.

View File

@@ -1,5 +1,5 @@
name: codeql/java-all
version: 0.5.3
version: 0.5.4-dev
groups: java
dbscheme: config/semmlecode.dbscheme
extractor: java

View File

@@ -485,6 +485,10 @@ private predicate otherApiCallableCredentialParam(string s) {
"com.mongodb.MongoCredential;createCredential(String, String, char[]);2",
"com.mongodb.MongoCredential;createMongoCRCredential(String, String, char[]);2",
"com.mongodb.MongoCredential;createPlainCredential(String, String, char[]);2",
"com.mongodb.MongoCredential;createScramSha1Credential(String, String, char[]);2"
"com.mongodb.MongoCredential;createScramSha1Credential(String, String, char[]);2",
"com.microsoft.sqlserver.jdbc.SQLServerDataSource;setUser(String);0",
"com.microsoft.sqlserver.jdbc.SQLServerDataSource;setPassword(String);0",
"com.microsoft.sqlserver.jdbc.SQLServerDataSource;getConnection(String, String);0",
"com.microsoft.sqlserver.jdbc.SQLServerDataSource;getConnection(String, String);1",
]
}
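Review bot: the four `SQLServerDataSource` entries added to `otherApiCallableCredentialParam` arrive with no test change in this hunk, so nothing checks that the signature strings and parameter indices (`setUser(String);0`, `setPassword(String);0`, `getConnection(String, String);0` and `;1`) match the driver's methods. A typo in one of these strings fails silently, because the entry simply never matches. Add a case for each of the four calls to the tests for `java/hardcoded-credential-api-call`.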

View File

@@ -1,5 +1,5 @@
name: codeql/java-queries
version: 0.5.3
version: 0.5.4-dev
groups:
- java
- queries

View File

@@ -64,11 +64,12 @@ string getZero(PrimitiveType t) {
* Holds if `c` may require disambiguation from an overload with the same argument count.
*/
predicate mayBeAmbiguous(Callable c) {
exists(Callable other, string package, string type, string name |
c.hasQualifiedName(package, type, name) and
exists(Callable other, Callable override, string package, string type, string name |
override = [c, c.(Method).getASourceOverriddenMethod*()] and
override.hasQualifiedName(package, type, name) and
other.hasQualifiedName(package, type, name) and
other.getNumberOfParameters() = c.getNumberOfParameters() and
other != c
other.getNumberOfParameters() = override.getNumberOfParameters() and
other != override
)
or
c.isVarargs()
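Review bot: the QLDoc above `mayBeAmbiguous` still reads "Holds if `c` may require disambiguation from an overload with the same argument count", but the predicate now also holds when a method that `c` overrides (via `getASourceOverriddenMethod*()`) has such an overload. Update the comment to say that overloads of overridden methods count. It would also help to note why the comparison is `other != override` rather than `other != c`, since that is the line a later reader is most likely to "simplify" back.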

View File

@@ -1,4 +1,4 @@
#!/usr/bin/python3
#!/usr/bin/env python3
import errno
import json
@@ -13,11 +13,14 @@ import tempfile
if any(s == "--help" for s in sys.argv):
print("""Usage:
GenerateFlowTestCase.py specsToTest.csv projectPom.xml outdir [--force]
GenerateFlowTestCase.py specsToTest projectPom.xml outdir [--force]
This generates test cases exercising function model specifications found in specsToTest.csv
This generates test cases exercising function model specifications found in specsToTest
producing files Test.java, test.ql, test.ext.yml and test.expected in outdir.
specsToTest should either be a .csv file, a .yml file, or a directory of .yml files, containing the
model specifications to test.
projectPom.xml should be a Maven pom sufficient to resolve the classes named in specsToTest.csv.
Typically this means supplying a skeleton POM <dependencies> section that retrieves whatever jars
contain the needed classes.
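Review bot: the rename from `specsToTest.csv` to `specsToTest` in the help text is incomplete. The unchanged line "projectPom.xml should be a Maven pom sufficient to resolve the classes named in specsToTest.csv." still uses the old name, which now contradicts the new paragraph saying the argument may be a .yml file or a directory. Change that occurrence to `specsToTest` as well.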
@@ -40,14 +43,15 @@ if "--force" in sys.argv:
if len(sys.argv) != 4:
print(
"Usage: GenerateFlowTestCase.py specsToTest.csv projectPom.xml outdir [--force]", file=sys.stderr)
print("specsToTest.csv should contain CSV rows describing method taint-propagation specifications to test", file=sys.stderr)
print("projectPom.xml should import dependencies sufficient to resolve the types used in specsToTest.csv", file=sys.stderr)
"Usage: GenerateFlowTestCase.py specsToTest projectPom.xml outdir [--force]", file=sys.stderr)
print("specsToTest should contain CSV rows or YAML models describing method taint-propagation specifications to test", file=sys.stderr)
print("projectPom.xml should import dependencies sufficient to resolve the types used in specsToTest", file=sys.stderr)
print("\nRun with --help for more details.", file=sys.stderr)
sys.exit(1)
try:
os.makedirs(sys.argv[3])
except Exception as e:
except OSError as e:
if e.errno != errno.EEXIST:
print("Failed to create output directory %s: %s" % (sys.argv[3], e))
sys.exit(1)
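Review bot: narrowing the handler to `except OSError` is good, but the `e.errno != errno.EEXIST` test that follows still accepts the case where `sys.argv[3]` exists as a regular file, and the script then fails later with a less helpful error. `os.makedirs(sys.argv[3], exist_ok=True)` handles an existing directory and still raises for an existing file, which removes the errno check. The "Failed to create output directory" message should also go to `sys.stderr` like the usage messages above it.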
@@ -75,38 +79,86 @@ except Exception as e:
(sys.argv[2], e), file=sys.stderr)
sys.exit(1)
commentRegex = re.compile("^\s*(//|#)")
commentRegex = re.compile(r"^\s*(//|#)")
def isComment(s):
return commentRegex.match(s) is not None
def readCsv(file):
try:
with open(sys.argv[1], "r") as f:
specs = [l for l in f if not isComment(l)]
with open(file, "r") as f:
specs = [l.strip() for l in f if not isComment(l)]
except Exception as e:
print("Failed to open %s: %s\n" % (sys.argv[1], e))
print("Failed to open %s: %s\n" % (file, e))
sys.exit(1)
specs = [row.split(";") for row in specs]
return specs
def readYml(file):
try:
import yaml
with open(file, "r") as f:
doc = yaml.load(f.read(), yaml.Loader)
specs = []
for ext in doc['extensions']:
if ext['addsTo']['extensible'] == 'summaryModel':
for row in ext['data']:
if isinstance(row[2], bool):
row[2] = str(row[2]).lower()
specs.append(row)
return specs
except ImportError:
print("PyYAML not found - try \n pip install pyyaml")
sys.exit(1)
except ValueError as e:
print("Invalid yaml model in %s: %s\n" % (file, e))
sys.exit(1)
except OSError as e:
print("Failed to open %s: %s\n" % (file, e))
sys.exit(1)
def readYmlDir(dirname):
specs = []
for f in os.listdir(dirname):
if f.endswith('.yml'):
specs += readYml(f"{dirname}/{f}")
return specs
specsFile = sys.argv[1]
if os.path.isdir(specsFile):
specs = readYmlDir(specsFile)
elif specsFile.endswith(".yml") or specsFile.endswith(".yaml"):
specs = readYml(specsFile)
elif specsFile.endswith(".csv"):
specs = readCsv(specsFile)
else:
print(f"Invalid specs {specsFile}. Must be a csv file, a yml file, or a directory of yml files.")
sys.exit(1)
projectTestPkgDir = os.path.join(projectDir, "src", "main", "java", "test")
projectTestFile = os.path.join(projectTestPkgDir, "Test.java")
os.makedirs(projectTestPkgDir)
def qualifiedOuterNameFromCsvRow(row):
cells = row.split(";")
if len(cells) < 2:
def qualifiedOuterNameFromRow(row):
if len(row) < 2:
return None
return cells[0] + "." + cells[1].replace("$", ".")
return row[0] + "." + row[1].replace("$", ".")
with open(projectTestFile, "w") as testJava:
testJava.write("package test;\n\npublic class Test {\n\n")
for i, spec in enumerate(specs):
outerName = qualifiedOuterNameFromCsvRow(spec)
outerName = qualifiedOuterNameFromRow(spec)
if outerName is None:
print("A taint specification has the wrong format: should be 'package;classname;methodname....'", file=sys.stderr)
print("Mis-formatted row: " + spec, file=sys.stderr)
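Review bot: In `readYml`, `yaml.load(f.read(), yaml.Loader)` uses the full loader, which can construct arbitrary Python objects from tagged nodes; model files are plain data, so `yaml.safe_load(f)` is the safer call here. The `except ValueError` clause will not catch PyYAML parse errors (`yaml.YAMLError` derives from `Exception`), and a file without `extensions` or with a row shorter than three cells raises an uncaught `KeyError` or `IndexError`. `readYmlDir` only picks up `.yml` files while the dispatch below accepts `.yaml` as well. Finally, rows are now lists, so the unchanged line `print("Mis-formatted row: " + spec, ...)` concatenates a string with a list and raises `TypeError` exactly when a malformed row should be reported; it needs `';'.join(spec)` or `str(spec)`.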
@@ -140,7 +192,7 @@ dependencies:
with open(qlFile, "w") as f:
f.write(
"import java\nimport utils.flowtestcasegenerator.GenerateFlowTestCase\n\nclass GenRow extends TargetSummaryModelCsv {\n\n\toverride predicate row(string r) {\n\t\tr = [\n")
f.write(",\n".join('\t\t\t"%s"' % spec.strip() for spec in specs))
f.write(",\n".join('\t\t\t"%s"' % ';'.join(spec) for spec in specs))
f.write("\n\t\t]\n\t}\n}\n")
print("Generating tests")
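Review bot: `';'.join(spec)` assumes every cell is a string, but `readYml` only converts `row[2]` when it is a bool, so any other non-string cell coming from YAML (a number, a null) raises `TypeError` here. Joining with `';'.join(str(c) for c in spec)`, or normalising all cells in `readYml`, would make this robust. The joined row is also written between double quotes without escaping, so a cell containing `"` or a backslash produces an invalid QL string literal in the generated file.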

View File

@@ -36,8 +36,6 @@ private predicate isInTestFile(J::File file) {
private predicate isJdkInternal(J::CompilationUnit cu) {
cu.getPackage().getName().matches("org.graalvm%") or
cu.getPackage().getName().matches("com.sun%") or
cu.getPackage().getName().matches("javax.swing%") or
cu.getPackage().getName().matches("java.awt%") or
cu.getPackage().getName().matches("sun%") or
cu.getPackage().getName().matches("jdk%") or
cu.getPackage().getName().matches("java2d%") or
@@ -57,12 +55,18 @@ private predicate isJdkInternal(J::CompilationUnit cu) {
cu.getPackage().getName() = ""
}
private predicate isInfrequentlyUsed(J::CompilationUnit cu) {
cu.getPackage().getName().matches("javax.swing%") or
cu.getPackage().getName().matches("java.awt%")
}
/**
* Holds if it is relevant to generate models for `api`.
*/
private predicate isRelevantForModels(J::Callable api) {
not isInTestFile(api.getCompilationUnit().getFile()) and
not isJdkInternal(api.getCompilationUnit()) and
not isInfrequentlyUsed(api.getCompilationUnit()) and
not api instanceof J::MainMethod and
not api instanceof J::StaticInitializer and
not exists(J::FunctionalExpr funcExpr | api = funcExpr.asMethod()) and
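Review bot: The new `isInfrequentlyUsed` predicate has no doc comment, unlike `isRelevantForModels` directly below it, and nothing in the hunk records why `javax.swing%` and `java.awt%` are split out of `isJdkInternal`. Since both predicates are negated together in `isRelevantForModels`, the result is unchanged at this call site; a short QLDoc stating the intent (and whether other callers of `isJdkInternal` are meant to start seeing these packages) would make the refactoring reviewable.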

View File

@@ -145,7 +145,7 @@ class StrBuilderTest {
// Test all fluent methods are passing taint through to their result:
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
sink(fluentAllMethodsTest
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
@@ -171,7 +171,7 @@ class StrBuilderTest {
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
.trim()); // $hasTaintFlow
// Test all fluent methods are passing taint back to their qualifier:
StrBuilder fluentAllMethodsTest2 = new StrBuilder();

View File

@@ -145,7 +145,7 @@ class StrBuilderTextTest {
// Test all fluent methods are passing taint through to their result:
StrBuilder fluentAllMethodsTest = new StrBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
sink(fluentAllMethodsTest
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
@@ -171,7 +171,7 @@ class StrBuilderTextTest {
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
.trim()); // $hasTaintFlow
// Test all fluent methods are passing taint back to their qualifier:
StrBuilder fluentAllMethodsTest2 = new StrBuilder();

View File

@@ -146,7 +146,7 @@ class TextStringBuilderTest {
// Test all fluent methods are passing taint through to their result:
TextStringBuilder fluentAllMethodsTest = new TextStringBuilder(taint());
sink(fluentAllMethodsTest // $hasTaintFlow
sink(fluentAllMethodsTest
.append("text")
.appendAll("text")
.appendFixedWidthPadLeft("text", 4, ' ')
@@ -172,7 +172,7 @@ class TextStringBuilderTest {
.setLength(500)
.setNewLineText("newline")
.setNullText("NULL")
.trim());
.trim()); // $hasTaintFlow
// Test all fluent methods are passing taint back to their qualifier:
TextStringBuilder fluentAllMethodsTest2 = new TextStringBuilder();

View File

@@ -24,9 +24,9 @@ public class JsfXSS extends Renderer
ResponseWriter writer = facesContext.getResponseWriter();
writer.write("<script type=\"text/javascript\">");
writer.write("(function(){");
writer.write("dswh.init('" + windowId + "','" // $xss
writer.write("dswh.init('" + windowId + "','"
+ "......" + "',"
+ -1 + ",{");
+ -1 + ",{"); // $xss
writer.write("});");
writer.write("})();");
writer.write("</script>");

View File

@@ -3,7 +3,7 @@
xmlns:tools="http://schemas.android.com/tools"
package="com.example.happybirthday">
<!-- $ hasDebuggableAttributeEnabled --> <application
<application
android:debuggable="true"
android:allowBackup="true"
android:dataExtractionRules="@xml/data_extraction_rules"
@@ -13,7 +13,7 @@
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.HappyBirthday"
tools:targetApi="31">
tools:targetApi="31"> <!-- $ hasDebuggableAttributeEnabled -->
<activity
android:name=".MainActivity"
android:exported="true">

View File

@@ -3,7 +3,7 @@
xmlns:tools="http://schemas.android.com/tools"
package="com.example.happybirthday">
<!-- Safe: manifest file located in build directory --> <application
<application
android:debuggable="true"
android:allowBackup="true"
android:dataExtractionRules="@xml/data_extraction_rules"
@@ -13,7 +13,7 @@
android:roundIcon="@mipmap/ic_launcher_round"
android:supportsRtl="true"
android:theme="@style/Theme.HappyBirthday"
tools:targetApi="31">
tools:targetApi="31"> <!-- Safe: manifest file located in build directory -->
<activity
android:name=".MainActivity"
android:exported="true">

View File

@@ -4,9 +4,9 @@
xmlns:app="http://schemas.android.com/apk/res-auto">
<!-- $hasResult --> <EditText
<EditText
android:id="@+id/test1_password"
android:inputType="text"/>
android:inputType="text"/> <!-- $hasResult -->
<EditText
android:id="@+id/test2_safe"
@@ -20,12 +20,12 @@
android:id="@+id/test4_password"
android:inputType="textPassword"/>
<!-- $hasResult --> <EditText
<EditText
android:id="@+id/test5_bank_account_name"
android:inputType="textMultiLine"/>
android:inputType="textMultiLine"/> <!-- $hasResult -->
<!-- $hasResult --> <EditText
android:id="@+id/test6_password"/>
<EditText
android:id="@+id/test6_password"/> <!-- $hasResult -->
<EditText
android:id="@+id/test7_password"/>

View File

@@ -0,0 +1,10 @@
import com.microsoft.sqlserver.jdbc.SQLServerDataSource;
public class HardcodedMSSQLCredentials {
public static void main(SQLServerDataSource ds) throws Exception {
ds.setUser("Username"); // $ HardcodedCredentialsApiCall
ds.setPassword("password"); // $ HardcodedCredentialsApiCall
ds.getConnection("Username", null); // $ HardcodedCredentialsApiCall
ds.getConnection(null, "password"); // $ HardcodedCredentialsApiCall
}
}
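Review bot: Every call in this new test is expected to be flagged, so the test only guards against false negatives for `SQLServerDataSource`. Adding cases without an expectation, for example `ds.setPassword(p)` and `ds.getConnection(u, p)` with values taken from method parameters, would also pin down that the new model does not flag non-constant credentials. Naming the method `main` while giving it a `SQLServerDataSource` parameter is slightly misleading; a neutral name such as `test` reads better.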

View File

@@ -1 +1 @@
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient
// semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/amazon-aws-sdk-1.11.700:${testdir}/../../../../../stubs/azure-sdk-for-java:${testdir}/../../../../../stubs/shiro-core-1.4.0:${testdir}/../../../../../stubs/jsch-0.1.55:${testdir}/../../../../../stubs/ganymed-ssh-2-260:${testdir}/../../../../../stubs/apache-mina-sshd-2.8.0:${testdir}/../../../../../stubs/sshj-0.33.0:${testdir}/../../../../../stubs/j2ssh-1.5.5:${testdir}/../../../../../stubs/trilead-ssh2-212:${testdir}/../../../../../stubs/apache-commons-net-3.8.0:${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/mssql-jdbc-12.2.0

View File

@@ -14,58 +14,58 @@
android:theme="@style/Theme.HappyBirthday"
tools:targetApi="31">
<!-- $ hasImplicitExport --> <activity
<activity
android:name=".Activity">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
</intent-filter>
</activity>
</activity> <!-- $ hasImplicitExport -->
<!-- $ hasImplicitExport --> <receiver
<receiver
android:name=".CheckInstall">
<intent-filter>
<action android:name="android.intent.action.PACKAGE_INSTALL"/>
</intent-filter>
</receiver>
</receiver> <!-- $ hasImplicitExport -->
<!-- $ hasImplicitExport --> <service
<service
android:name=".backgroundService">
<intent-filter>
<action android:name="android.intent.action.START_BACKGROUND"/>
</intent-filter>
</service>
</service> <!-- $ hasImplicitExport -->
<!-- $ hasImplicitExport --> <provider
<provider
android:name=".MyCloudProvider">
<intent-filter>
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
</intent-filter>
</provider>
</provider> <!-- $ hasImplicitExport -->
<!-- Safe: 'android:exported' explicitly set --> <activity
<activity
android:name=".Activity"
android:exported="true">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
</intent-filter>
</activity>
</activity> <!-- Safe: 'android:exported' explicitly set -->
<!-- Safe: no intent filter --> <activity
<activity
android:name=".Activity">
</activity>
</activity> <!-- Safe: no intent filter -->
<!-- Safe: has 'permission' attribute --> <activity
<activity
android:name=".Activity"
android:permission=".Test">
<intent-filter>
<action android:name="android.intent.action.VIEW" />
</intent-filter>
</activity>
</activity> <!-- Safe: has 'permission' attribute -->
<!-- Safe: 'provider' with read and write permissions set --> <provider
<provider
android:name=".MyCloudProvider"
android:readPermission=".TestRead"
android:writePermission=".TestWrite">
@@ -73,41 +73,41 @@
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
</intent-filter>
</provider>
</provider> <!-- Safe: 'provider' with read and write permissions set -->
<!-- $ hasImplicitExport --> <provider
<provider
android:name=".MyCloudProvider"
android:readPermission=".TestRead">
<intent-filter>
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
</intent-filter>
</provider>
</provider> <!-- $ hasImplicitExport -->
<!-- $ hasImplicitExport --> <provider
<provider
android:name=".MyCloudProvider"
android:writePermission=".TestWrite">
<intent-filter>
<action android:name="android.intent.action.DOCUMENTS_PROVIDER"/>
</intent-filter>
</provider>
</provider> <!-- $ hasImplicitExport -->
<!-- Safe: has category 'android.intent.category.LAUNCHER' --> <activity
<activity
android:name=".Activity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
<category android:name="android.intent.category.LAUNCHER" />
</intent-filter>
</activity>
</activity> <!-- Safe: has category 'android.intent.category.LAUNCHER' -->
<!-- Safe: has action 'android.intent.category.MAIN' --> <activity
<activity
android:name=".Activity">
<intent-filter>
<action android:name="android.intent.action.MAIN" />
</intent-filter>
</activity>
</activity> <!-- Safe: has action 'android.intent.category.MAIN' -->
</application>
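Review bot: The relocated comment on the last activity still reads "Safe: has action 'android.intent.category.MAIN'", but the element it annotates declares `android.intent.action.MAIN`. As the line is being rewritten anyway, correct the constant in the comment so the stated reason matches the manifest entry.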

View File

@@ -17,22 +17,22 @@
<!-- Read Only -->
<!-- $ hasIncompletePermissions --><provider
<provider
android:name=".MyContentProviderRO"
android:authorities="table"
android:enabled="true"
android:exported="true"
android:readPermission="android.permission.MANAGE_DOCUMENTS"></provider>
android:readPermission="android.permission.MANAGE_DOCUMENTS"></provider><!-- $ hasIncompletePermissions -->
<!-- Write Only -->
<!-- $ hasIncompletePermissions --> <provider
<provider
android:name=".MyContentProviderWO"
android:authorities="table"
android:enabled="true"
android:exported="true"
android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider>
android:writePermission="android.permission.MANAGE_DOCUMENTS"></provider><!-- $ hasIncompletePermissions -->
<!-- Full -->
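Review bot: The two relocated expectations are appended as `</provider><!-- $ hasIncompletePermissions -->` with no space before the comment, while the other manifest tests in this change separate the closing tag and the expectation comment with a space. Use the same spacing here for consistency.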

View File

@@ -0,0 +1,166 @@
// Generated automatically from com.microsoft.sqlserver.jdbc.ISQLServerDataSource for testing purposes
package com.microsoft.sqlserver.jdbc;
import com.microsoft.sqlserver.jdbc.SQLServerAccessTokenCallback;
import javax.sql.CommonDataSource;
import org.ietf.jgss.GSSCredential;
public interface ISQLServerDataSource extends CommonDataSource
{
GSSCredential getGSSCredentials();
SQLServerAccessTokenCallback getAccessTokenCallback();
String getAADSecurePrincipalId();
String getAccessToken();
String getApplicationIntent();
String getApplicationName();
String getAuthentication();
String getClientCertificate();
String getClientKey();
String getColumnEncryptionSetting();
String getDatabaseName();
String getDatetimeParameterType();
String getDescription();
String getDomain();
String getEnclaveAttestationProtocol();
String getEnclaveAttestationUrl();
String getEncrypt();
String getFailoverPartner();
String getHostNameInCertificate();
String getIPAddressPreference();
String getInstanceName();
String getJAASConfigurationName();
String getJASSConfigurationName();
String getKeyStoreAuthentication();
String getKeyStoreLocation();
String getKeyStorePrincipalId();
String getKeyVaultProviderClientId();
String getMSIClientId();
String getMaxResultBuffer();
String getPrepareMethod();
String getRealm();
String getResponseBuffering();
String getSSLProtocol();
String getSelectMethod();
String getServerCertificate();
String getServerName();
String getServerSpn();
String getSocketFactoryClass();
String getSocketFactoryConstructorArg();
String getTrustManagerClass();
String getTrustManagerConstructorArg();
String getTrustStore();
String getTrustStoreType();
String getURL();
String getUser();
String getWorkstationID();
boolean getDelayLoadingLobs();
boolean getDisableStatementPooling();
boolean getEnablePrepareOnFirstPreparedStatementCall();
boolean getFIPS();
boolean getLastUpdateCount();
boolean getMultiSubnetFailover();
boolean getReplication();
boolean getSendStringParametersAsUnicode();
boolean getSendTemporalDataTypesAsStringForBulkCopy();
boolean getSendTimeAsDatetime();
boolean getServerNameAsACE();
boolean getTransparentNetworkIPResolution();
boolean getTrustServerCertificate();
boolean getUseBulkCopyForBatchInsert();
boolean getUseFmtOnly();
boolean getXopenStates();
int getCancelQueryTimeout();
int getConnectRetryCount();
int getConnectRetryInterval();
int getLockTimeout();
int getMsiTokenCacheTtl();
int getPacketSize();
int getPortNumber();
int getQueryTimeout();
int getServerPreparedStatementDiscardThreshold();
int getSocketTimeout();
int getStatementPoolingCacheSize();
void setAADSecurePrincipalId(String p0);
void setAADSecurePrincipalSecret(String p0);
void setAccessToken(String p0);
void setAccessTokenCallback(SQLServerAccessTokenCallback p0);
void setApplicationIntent(String p0);
void setApplicationName(String p0);
void setAuthentication(String p0);
void setAuthenticationScheme(String p0);
void setCancelQueryTimeout(int p0);
void setClientCertificate(String p0);
void setClientKey(String p0);
void setClientKeyPassword(String p0);
void setColumnEncryptionSetting(String p0);
void setConnectRetryCount(int p0);
void setConnectRetryInterval(int p0);
void setDatabaseName(String p0);
void setDatetimeParameterType(String p0);
void setDelayLoadingLobs(boolean p0);
void setDescription(String p0);
void setDisableStatementPooling(boolean p0);
void setDomain(String p0);
void setEnablePrepareOnFirstPreparedStatementCall(boolean p0);
void setEnclaveAttestationProtocol(String p0);
void setEnclaveAttestationUrl(String p0);
void setEncrypt(String p0);
void setEncrypt(boolean p0);
void setFIPS(boolean p0);
void setFailoverPartner(String p0);
void setGSSCredentials(GSSCredential p0);
void setHostNameInCertificate(String p0);
void setIPAddressPreference(String p0);
void setInstanceName(String p0);
void setIntegratedSecurity(boolean p0);
void setJAASConfigurationName(String p0);
void setJASSConfigurationName(String p0);
void setKeyStoreAuthentication(String p0);
void setKeyStoreLocation(String p0);
void setKeyStorePrincipalId(String p0);
void setKeyStoreSecret(String p0);
void setKeyVaultProviderClientId(String p0);
void setKeyVaultProviderClientKey(String p0);
void setLastUpdateCount(boolean p0);
void setLockTimeout(int p0);
void setMSIClientId(String p0);
void setMaxResultBuffer(String p0);
void setMsiTokenCacheTtl(int p0);
void setMultiSubnetFailover(boolean p0);
void setPacketSize(int p0);
void setPassword(String p0);
void setPortNumber(int p0);
void setPrepareMethod(String p0);
void setQueryTimeout(int p0);
void setRealm(String p0);
void setReplication(boolean p0);
void setResponseBuffering(String p0);
void setSSLProtocol(String p0);
void setSelectMethod(String p0);
void setSendStringParametersAsUnicode(boolean p0);
void setSendTemporalDataTypesAsStringForBulkCopy(boolean p0);
void setSendTimeAsDatetime(boolean p0);
void setServerCertificate(String p0);
void setServerName(String p0);
void setServerNameAsACE(boolean p0);
void setServerPreparedStatementDiscardThreshold(int p0);
void setServerSpn(String p0);
void setSocketFactoryClass(String p0);
void setSocketFactoryConstructorArg(String p0);
void setSocketTimeout(int p0);
void setStatementPoolingCacheSize(int p0);
void setTransparentNetworkIPResolution(boolean p0);
void setTrustManagerClass(String p0);
void setTrustManagerConstructorArg(String p0);
void setTrustServerCertificate(boolean p0);
void setTrustStore(String p0);
void setTrustStorePassword(String p0);
void setTrustStoreType(String p0);
void setURL(String p0);
void setUseBulkCopyForBatchInsert(boolean p0);
void setUseFmtOnly(boolean p0);
void setUser(String p0);
void setWorkstationID(String p0);
void setXopenStates(boolean p0);
}

View File

@@ -0,0 +1,10 @@
// Generated automatically from com.microsoft.sqlserver.jdbc.SQLServerAccessTokenCallback for testing purposes
package com.microsoft.sqlserver.jdbc;
import com.microsoft.sqlserver.jdbc.SqlAuthenticationToken;
public interface SQLServerAccessTokenCallback
{
SqlAuthenticationToken getAccessToken(String p0, String p1);
}

View File

@@ -0,0 +1,185 @@
// Generated automatically from com.microsoft.sqlserver.jdbc.SQLServerDataSource for testing purposes
package com.microsoft.sqlserver.jdbc;
import com.microsoft.sqlserver.jdbc.ISQLServerDataSource;
import com.microsoft.sqlserver.jdbc.SQLServerAccessTokenCallback;
import java.io.PrintWriter;
import java.io.Serializable;
import java.sql.Connection;
import java.util.logging.Logger;
import javax.naming.Reference;
import javax.naming.Referenceable;
import javax.sql.DataSource;
import org.ietf.jgss.GSSCredential;
public class SQLServerDataSource implements DataSource, ISQLServerDataSource, Referenceable, Serializable
{
public <T> T unwrap(Class<T> p0){ return null; }
public Connection getConnection(){ return null; }
public Connection getConnection(String p0, String p1){ return null; }
public GSSCredential getGSSCredentials(){ return null; }
public Logger getParentLogger(){ return null; }
public PrintWriter getLogWriter(){ return null; }
public Reference getReference(){ return null; }
public SQLServerAccessTokenCallback getAccessTokenCallback(){ return null; }
public SQLServerDataSource(){}
public String getAADSecurePrincipalId(){ return null; }
public String getAccessToken(){ return null; }
public String getApplicationIntent(){ return null; }
public String getApplicationName(){ return null; }
public String getAuthentication(){ return null; }
public String getClientCertificate(){ return null; }
public String getClientKey(){ return null; }
public String getColumnEncryptionSetting(){ return null; }
public String getDatabaseName(){ return null; }
public String getDatetimeParameterType(){ return null; }
public String getDescription(){ return null; }
public String getDomain(){ return null; }
public String getEnclaveAttestationProtocol(){ return null; }
public String getEnclaveAttestationUrl(){ return null; }
public String getEncrypt(){ return null; }
public String getFailoverPartner(){ return null; }
public String getHostNameInCertificate(){ return null; }
public String getIPAddressPreference(){ return null; }
public String getInstanceName(){ return null; }
public String getJAASConfigurationName(){ return null; }
public String getJASSConfigurationName(){ return null; }
public String getKeyStoreAuthentication(){ return null; }
public String getKeyStoreLocation(){ return null; }
public String getKeyStorePrincipalId(){ return null; }
public String getKeyVaultProviderClientId(){ return null; }
public String getMSIClientId(){ return null; }
public String getMaxResultBuffer(){ return null; }
public String getPrepareMethod(){ return null; }
public String getRealm(){ return null; }
public String getResponseBuffering(){ return null; }
public String getSSLProtocol(){ return null; }
public String getSelectMethod(){ return null; }
public String getServerCertificate(){ return null; }
public String getServerName(){ return null; }
public String getServerSpn(){ return null; }
public String getSocketFactoryClass(){ return null; }
public String getSocketFactoryConstructorArg(){ return null; }
public String getTrustManagerClass(){ return null; }
public String getTrustManagerConstructorArg(){ return null; }
public String getTrustStore(){ return null; }
public String getTrustStoreType(){ return null; }
public String getURL(){ return null; }
public String getUser(){ return null; }
public String getWorkstationID(){ return null; }
public String toString(){ return null; }
public boolean getDelayLoadingLobs(){ return false; }
public boolean getDisableStatementPooling(){ return false; }
public boolean getEnablePrepareOnFirstPreparedStatementCall(){ return false; }
public boolean getFIPS(){ return false; }
public boolean getLastUpdateCount(){ return false; }
public boolean getMultiSubnetFailover(){ return false; }
public boolean getReplication(){ return false; }
public boolean getSendStringParametersAsUnicode(){ return false; }
public boolean getSendTemporalDataTypesAsStringForBulkCopy(){ return false; }
public boolean getSendTimeAsDatetime(){ return false; }
public boolean getServerNameAsACE(){ return false; }
public boolean getTransparentNetworkIPResolution(){ return false; }
public boolean getTrustServerCertificate(){ return false; }
public boolean getUseBulkCopyForBatchInsert(){ return false; }
public boolean getUseFmtOnly(){ return false; }
public boolean getXopenStates(){ return false; }
public boolean isWrapperFor(Class<? extends Object> p0){ return false; }
public int getCancelQueryTimeout(){ return 0; }
public int getConnectRetryCount(){ return 0; }
public int getConnectRetryInterval(){ return 0; }
public int getLockTimeout(){ return 0; }
public int getLoginTimeout(){ return 0; }
public int getMsiTokenCacheTtl(){ return 0; }
public int getPacketSize(){ return 0; }
public int getPortNumber(){ return 0; }
public int getQueryTimeout(){ return 0; }
public int getServerPreparedStatementDiscardThreshold(){ return 0; }
public int getSocketTimeout(){ return 0; }
public int getStatementPoolingCacheSize(){ return 0; }
public void setAADSecurePrincipalId(String p0){}
public void setAADSecurePrincipalSecret(String p0){}
public void setAccessToken(String p0){}
public void setAccessTokenCallback(SQLServerAccessTokenCallback p0){}
public void setApplicationIntent(String p0){}
public void setApplicationName(String p0){}
public void setAuthentication(String p0){}
public void setAuthenticationScheme(String p0){}
public void setCancelQueryTimeout(int p0){}
public void setClientCertificate(String p0){}
public void setClientKey(String p0){}
public void setClientKeyPassword(String p0){}
public void setColumnEncryptionSetting(String p0){}
public void setConnectRetryCount(int p0){}
public void setConnectRetryInterval(int p0){}
public void setDatabaseName(String p0){}
public void setDatetimeParameterType(String p0){}
public void setDelayLoadingLobs(boolean p0){}
public void setDescription(String p0){}
public void setDisableStatementPooling(boolean p0){}
public void setDomain(String p0){}
public void setEnablePrepareOnFirstPreparedStatementCall(boolean p0){}
public void setEnclaveAttestationProtocol(String p0){}
public void setEnclaveAttestationUrl(String p0){}
public void setEncrypt(String p0){}
public void setEncrypt(boolean p0){}
public void setFIPS(boolean p0){}
public void setFailoverPartner(String p0){}
public void setGSSCredentials(GSSCredential p0){}
public void setHostNameInCertificate(String p0){}
public void setIPAddressPreference(String p0){}
public void setInstanceName(String p0){}
public void setIntegratedSecurity(boolean p0){}
public void setJAASConfigurationName(String p0){}
public void setJASSConfigurationName(String p0){}
public void setKeyStoreAuthentication(String p0){}
public void setKeyStoreLocation(String p0){}
public void setKeyStorePrincipalId(String p0){}
public void setKeyStoreSecret(String p0){}
public void setKeyVaultProviderClientId(String p0){}
public void setKeyVaultProviderClientKey(String p0){}
public void setLastUpdateCount(boolean p0){}
public void setLockTimeout(int p0){}
public void setLogWriter(PrintWriter p0){}
public void setLoginTimeout(int p0){}
public void setMSIClientId(String p0){}
public void setMaxResultBuffer(String p0){}
public void setMsiTokenCacheTtl(int p0){}
public void setMultiSubnetFailover(boolean p0){}
public void setPacketSize(int p0){}
public void setPassword(String p0){}
public void setPortNumber(int p0){}
public void setPrepareMethod(String p0){}
public void setQueryTimeout(int p0){}
public void setRealm(String p0){}
public void setReplication(boolean p0){}
public void setResponseBuffering(String p0){}
public void setSSLProtocol(String p0){}
public void setSelectMethod(String p0){}
public void setSendStringParametersAsUnicode(boolean p0){}
public void setSendTemporalDataTypesAsStringForBulkCopy(boolean p0){}
public void setSendTimeAsDatetime(boolean p0){}
public void setServerCertificate(String p0){}
public void setServerName(String p0){}
public void setServerNameAsACE(boolean p0){}
public void setServerPreparedStatementDiscardThreshold(int p0){}
public void setServerSpn(String p0){}
public void setSocketFactoryClass(String p0){}
public void setSocketFactoryConstructorArg(String p0){}
public void setSocketTimeout(int p0){}
public void setStatementPoolingCacheSize(int p0){}
public void setTransparentNetworkIPResolution(boolean p0){}
public void setTrustManagerClass(String p0){}
public void setTrustManagerConstructorArg(String p0){}
public void setTrustServerCertificate(boolean p0){}
public void setTrustStore(String p0){}
public void setTrustStorePassword(String p0){}
public void setTrustStoreType(String p0){}
public void setURL(String p0){}
public void setUseBulkCopyForBatchInsert(boolean p0){}
public void setUseFmtOnly(boolean p0){}
public void setUser(String p0){}
public void setWorkstationID(String p0){}
public void setXopenStates(boolean p0){}
}

View File

@@ -0,0 +1,16 @@
// Generated automatically from com.microsoft.sqlserver.jdbc.SqlAuthenticationToken for testing purposes
package com.microsoft.sqlserver.jdbc;
import java.io.Serializable;
import java.util.Date;
public class SqlAuthenticationToken implements Serializable
{
protected SqlAuthenticationToken() {}
public Date getExpiresOn(){ return null; }
public SqlAuthenticationToken(String p0, Date p1){}
public SqlAuthenticationToken(String p0, long p1){}
public String getAccessToken(){ return null; }
public String toString(){ return null; }
}

View File

@@ -0,0 +1,11 @@
// Generated automatically from javax.crypto.SecretKey for testing purposes
package javax.crypto;
import java.security.Key;
import javax.security.auth.Destroyable;
public interface SecretKey extends Destroyable, Key
{
static long serialVersionUID = 0;
}

View File

@@ -0,0 +1,18 @@
// Generated automatically from javax.crypto.spec.SecretKeySpec for testing purposes
package javax.crypto.spec;
import java.security.spec.KeySpec;
import javax.crypto.SecretKey;
public class SecretKeySpec implements KeySpec, SecretKey
{
protected SecretKeySpec() {}
public SecretKeySpec(byte[] p0, String p1){}
public SecretKeySpec(byte[] p0, int p1, int p2, String p3){}
public String getAlgorithm(){ return null; }
public String getFormat(){ return null; }
public boolean equals(Object p0){ return false; }
public byte[] getEncoded(){ return null; }
public int hashCode(){ return 0; }
}

View File

@@ -0,0 +1,17 @@
// Generated automatically from javax.naming.RefAddr for testing purposes
package javax.naming;
import java.io.Serializable;
abstract public class RefAddr implements Serializable
{
protected RefAddr() {}
protected RefAddr(String p0){}
protected String addrType = null;
public String getType(){ return null; }
public String toString(){ return null; }
public abstract Object getContent();
public boolean equals(Object p0){ return false; }
public int hashCode(){ return 0; }
}

View File

@@ -0,0 +1,36 @@
// Generated automatically from javax.naming.Reference for testing purposes
package javax.naming;
import java.io.Serializable;
import java.util.Enumeration;
import java.util.Vector;
import javax.naming.RefAddr;
public class Reference implements Cloneable, Serializable
{
protected Reference() {}
protected String classFactory = null;
protected String classFactoryLocation = null;
protected String className = null;
protected Vector<RefAddr> addrs = null;
public Enumeration<RefAddr> getAll(){ return null; }
public Object clone(){ return null; }
public Object remove(int p0){ return null; }
public RefAddr get(String p0){ return null; }
public RefAddr get(int p0){ return null; }
public Reference(String p0){}
public Reference(String p0, RefAddr p1){}
public Reference(String p0, RefAddr p1, String p2, String p3){}
public Reference(String p0, String p1, String p2){}
public String getClassName(){ return null; }
public String getFactoryClassLocation(){ return null; }
public String getFactoryClassName(){ return null; }
public String toString(){ return null; }
public boolean equals(Object p0){ return false; }
public int hashCode(){ return 0; }
public int size(){ return 0; }
public void add(RefAddr p0){}
public void add(int p0, RefAddr p1){}
public void clear(){}
}

View File

@@ -0,0 +1,10 @@
// Generated automatically from javax.naming.Referenceable for testing purposes
package javax.naming;
import javax.naming.Reference;
public interface Referenceable
{
Reference getReference();
}

View File

@@ -0,0 +1,10 @@
// Generated automatically from javax.security.auth.Destroyable for testing purposes
package javax.security.auth;
public interface Destroyable
{
default boolean isDestroyed(){ return false; }
default void destroy(){}
}

View File

@@ -0,0 +1,17 @@
// Generated automatically from javax.sql.CommonDataSource for testing purposes
package javax.sql;
import java.io.PrintWriter;
import java.sql.ShardingKeyBuilder;
import java.util.logging.Logger;
public interface CommonDataSource
{
Logger getParentLogger();
PrintWriter getLogWriter();
default ShardingKeyBuilder createShardingKeyBuilder(){ return null; }
int getLoginTimeout();
void setLogWriter(PrintWriter p0);
void setLoginTimeout(int p0);
}

View File

@@ -0,0 +1,20 @@
// Generated automatically from javax.sql.DataSource for testing purposes
package javax.sql;
import java.io.PrintWriter;
import java.sql.Connection;
import java.sql.ConnectionBuilder;
import java.sql.Wrapper;
import javax.sql.CommonDataSource;
public interface DataSource extends CommonDataSource, Wrapper
{
Connection getConnection();
Connection getConnection(String p0, String p1);
PrintWriter getLogWriter();
default ConnectionBuilder createConnectionBuilder(){ return null; }
int getLoginTimeout();
void setLogWriter(PrintWriter p0);
void setLoginTimeout(int p0);
}

Some files were not shown because too many files have changed in this diff