mirror of
https://github.com/github/codeql.git
synced 2026-05-20 14:17:11 +02:00
Compare commits
5 Commits
nicolaswil
...
idrissrio/
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
2ca7d8cb6d | ||
|
|
44de113376 | ||
|
|
bd0d69ffca | ||
|
|
97ed67e284 | ||
|
|
155e21e729 |
@@ -0,0 +1,21 @@
|
||||
class Element extends @element {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Trap extends @trap {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Tag extends @tag {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
from Element e, Trap trap
|
||||
where
|
||||
in_trap_or_tag(e, trap)
|
||||
or
|
||||
exists(Tag tag |
|
||||
in_trap_or_tag(e, tag) and
|
||||
trap_uses_tag(trap, tag)
|
||||
)
|
||||
select e, trap
|
||||
2545
cpp/downgrades/770002bb02322e04fa25345838ce6e82af285a0b/old.dbscheme
Normal file
2545
cpp/downgrades/770002bb02322e04fa25345838ce6e82af285a0b/old.dbscheme
Normal file
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -0,0 +1,13 @@
|
||||
class SourceFile extends @source_file {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Trap extends @trap {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
from SourceFile source_file, string name, Trap trap
|
||||
where
|
||||
source_file_uses_trap(source_file, trap) and
|
||||
source_file_name(source_file, name)
|
||||
select name, trap
|
||||
@@ -0,0 +1,8 @@
|
||||
description: Add source_file_name
|
||||
compatibility: backwards
|
||||
source_file_uses_trap.rel: run source_file_uses_trap.ql
|
||||
source_file_name.rel: delete
|
||||
tag_name.rel: delete
|
||||
trap_uses_tag.rel: delete
|
||||
in_trap.rel: run in_trap.ql
|
||||
in_trap_or_tag.rel: delete
|
||||
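Review bot: The `description` names only `source_file_name`, but the same properties file also deletes `tag_name`, `trap_uses_tag` and `in_trap_or_tag` and regenerates `in_trap` and `source_file_uses_trap`, so the one-line summary understates what the schema step touches. Something like `description: Add source_file_name, tag_name, trap_uses_tag and in_trap_or_tag` would match the relations listed below it. The properties file with the same description further down the page (the one that runs `source_files.ql`) has the same gap.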
@@ -1,122 +1,61 @@
|
||||
/**
|
||||
* Defines entity discard predicates for C++ overlay analysis.
|
||||
*/
|
||||
|
||||
private import OverlayXml
|
||||
|
||||
/**
|
||||
* Holds always for the overlay variant and never for the base variant.
|
||||
* This local predicate is used to define local predicates that behave
|
||||
* differently for the base and overlay variant.
|
||||
*/
|
||||
overlay[local]
|
||||
predicate isOverlay() { databaseMetadata("isOverlay", "true") }
|
||||
|
||||
overlay[local]
|
||||
private string getLocationFilePath(@location_default loc) {
|
||||
exists(@file file | locations_default(loc, file, _, _, _, _) | files(file, result))
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the file path for an element with a single location.
|
||||
* Holds if TRAP file or tag `t` is reachable from a source file named
|
||||
* `source_file` in the given variant (base or overlay).
|
||||
*/
|
||||
overlay[local]
|
||||
private string getSingleLocationFilePath(@element e) {
|
||||
exists(@location_default loc |
|
||||
var_decls(e, _, _, _, loc)
|
||||
or
|
||||
fun_decls(e, _, _, _, loc)
|
||||
or
|
||||
type_decls(e, _, loc)
|
||||
or
|
||||
namespace_decls(e, _, loc, _)
|
||||
or
|
||||
macroinvocations(e, _, loc, _)
|
||||
or
|
||||
preprocdirects(e, _, loc)
|
||||
or
|
||||
diagnostics(e, _, _, _, _, loc)
|
||||
or
|
||||
usings(e, _, loc, _)
|
||||
or
|
||||
static_asserts(e, _, _, loc, _)
|
||||
or
|
||||
derivations(e, _, _, _, loc)
|
||||
or
|
||||
frienddecls(e, _, _, loc)
|
||||
or
|
||||
comments(e, _, loc)
|
||||
or
|
||||
exprs(e, _, loc)
|
||||
or
|
||||
stmts(e, _, loc)
|
||||
or
|
||||
initialisers(e, _, _, loc)
|
||||
or
|
||||
attributes(e, _, _, _, loc)
|
||||
or
|
||||
attribute_args(e, _, _, _, loc)
|
||||
or
|
||||
namequalifiers(e, _, _, loc)
|
||||
or
|
||||
enumconstants(e, _, _, _, _, loc)
|
||||
or
|
||||
type_mentions(e, _, loc, _)
|
||||
or
|
||||
lambda_capture(e, _, _, _, _, _, loc)
|
||||
or
|
||||
concept_templates(e, _, loc)
|
||||
|
|
||||
result = getLocationFilePath(loc)
|
||||
private predicate locally_reachable_trap_or_tag(boolean is_overlay, string source_file, @trap_or_tag t) {
|
||||
exists(@source_file sf, string source_file_raw, @trap trap |
|
||||
(if isOverlay() then is_overlay = true else is_overlay = false) and
|
||||
source_file_uses_trap(sf, trap) and
|
||||
source_file_name(sf, source_file_raw) and
|
||||
source_file = source_file_raw.replaceAll("\\", "/") and
|
||||
(t = trap or trap_uses_tag(trap, t))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Gets the file path for an element with potentially multiple locations.
|
||||
* Holds if element `e` is defined in TRAP file or tag `t` in the given
|
||||
* variant (base or overlay).
|
||||
*/
|
||||
overlay[local]
|
||||
private string getMultiLocationFilePath(@element e) {
|
||||
exists(@location_default loc |
|
||||
var_decls(_, e, _, _, loc)
|
||||
or
|
||||
fun_decls(_, e, _, _, loc)
|
||||
or
|
||||
type_decls(_, e, loc)
|
||||
or
|
||||
namespace_decls(_, e, loc, _)
|
||||
|
|
||||
result = getLocationFilePath(loc)
|
||||
)
|
||||
private predicate locally_in_trap_or_tag(boolean is_overlay, @element e, @trap_or_tag t) {
|
||||
(if isOverlay() then is_overlay = true else is_overlay = false) and
|
||||
in_trap_or_tag(e, t)
|
||||
}
|
||||
|
||||
/**
|
||||
* A local helper predicate that holds in the base variant and never in the
|
||||
* overlay variant.
|
||||
*/
|
||||
overlay[local]
|
||||
private predicate isBase() { not isOverlay() }
|
||||
|
||||
/**
|
||||
* Holds if `path` was extracted in the overlay database.
|
||||
*/
|
||||
overlay[local]
|
||||
private predicate overlayHasFile(string path) {
|
||||
isOverlay() and
|
||||
files(_, path) and
|
||||
path != ""
|
||||
}
|
||||
|
||||
/**
|
||||
* Discards an element from the base variant if:
|
||||
* - It has a single location in a file extracted in the overlay, or
|
||||
* - All of its locations are in files extracted in the overlay.
|
||||
* Holds if element `e` from the base variant should be discarded because
|
||||
* it has been redefined or is no longer reachable in the overlay.
|
||||
*/
|
||||
overlay[discard_entity]
|
||||
private predicate discardElement(@element e) {
|
||||
isBase() and
|
||||
(
|
||||
overlayHasFile(getSingleLocationFilePath(e))
|
||||
or
|
||||
forex(string path | path = getMultiLocationFilePath(e) | overlayHasFile(path))
|
||||
private predicate discard_element(@element e) {
|
||||
// If we don't have any knowledge about what TRAP file something
|
||||
// is in, then we don't want to discard it, so we only consider
|
||||
// entities that are known to be in a base TRAP file.
|
||||
locally_in_trap_or_tag(false, e, _) and
|
||||
// Anything that is reachable from an overlay source file should
|
||||
// not be discarded.
|
||||
not exists(@trap_or_tag t | locally_in_trap_or_tag(true, e, t) |
|
||||
locally_reachable_trap_or_tag(true, _, t)
|
||||
) and
|
||||
// Finally, we have to make sure that base shouldn't retain it.
|
||||
// If it is reachable from a base source file, then that is
|
||||
// sufficient unless either the base source file has changed (in
|
||||
// particular, been deleted) or the overlay has redefined the TRAP
|
||||
// file it is in.
|
||||
forall(@trap_or_tag t, string source_file |
|
||||
locally_in_trap_or_tag(false, e, t) and
|
||||
locally_reachable_trap_or_tag(false, source_file, t)
|
||||
|
|
||||
overlayChangedFiles(source_file) or
|
||||
locally_reachable_trap_or_tag(true, _, t)
|
||||
)
|
||||
}
|
||||
|
||||
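Review bot: In `discard_element`, the closing `forall` is vacuously true for an element whose base TRAP files or tags are not reached by any base `source_file_uses_trap` row, so that element is discarded even though the comments describe discarding only when the reaching source file changed or the overlay redefined the TRAP file. If that is intended, the comment above the `forall` should say so; if not, require a reaching base source file first, e.g. `exists(@trap_or_tag t | locally_in_trap_or_tag(false, e, t) and locally_reachable_trap_or_tag(false, _, t)) and`. A wrongly discarded base element silently removes results from the overlay analysis, so this case deserves a test with a base TRAP that has no source-file row. Separately, the new predicates are snake_case (`locally_reachable_trap_or_tag`, `locally_in_trap_or_tag`, `discard_element`) next to lowerCamelCase names such as `isOverlay` and `overlayChangedFiles`.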
@@ -245,6 +245,25 @@ trap_filename(
|
||||
string filename: string ref
|
||||
);
|
||||
|
||||
/**
|
||||
* Gives the tag name for `tag`.
|
||||
* For debugging only.
|
||||
*/
|
||||
tag_name(
|
||||
int tag: @tag,
|
||||
string name: string ref
|
||||
);
|
||||
|
||||
@trap_or_tag = @tag | @trap;
|
||||
|
||||
/**
|
||||
* Gives the name for the source file.
|
||||
*/
|
||||
source_file_name(
|
||||
int sf: @source_file,
|
||||
string name: string ref
|
||||
);
|
||||
|
||||
/**
|
||||
* In `build-mode: none` overlay mode, indicates that `source_file`
|
||||
* (`/path/to/foo.c`) uses the TRAP file `trap_file`; i.e. it is the
|
||||
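Review bot: The comment on `source_file_name` does not say what form `name` takes, and the overlay library on this page has to apply `replaceAll("\\", "/")` before comparing it with `overlayChangedFiles`, which suggests the stored value is an unnormalised path that may contain backslashes. Stating that in the schema would stop other consumers from comparing the raw string against normalised paths, e.g. `* Gives the name for the source file as recorded by the extractor; path separators are not normalised.` It would also help to say whether the name is absolute, as the `/path/to/foo.c` example on `source_file_uses_trap` implies.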
@@ -252,16 +271,25 @@ trap_filename(
|
||||
* includes, or a template instantiation it transitively uses.
|
||||
*/
|
||||
source_file_uses_trap(
|
||||
string source_file: string ref,
|
||||
int source_file: @source_file ref,
|
||||
int trap_file: @trap ref
|
||||
);
|
||||
|
||||
/**
|
||||
* Holds if there is a definition of `element` in TRAP file `trap_file`.
|
||||
* In `build-mode: none` overlay mode, indicates that the TRAP file
|
||||
* `trap_file` uses tag `tag`.
|
||||
*/
|
||||
in_trap(
|
||||
trap_uses_tag(
|
||||
int trap_file: @trap ref,
|
||||
int tag: @tag ref
|
||||
);
|
||||
|
||||
/**
|
||||
* Holds if there is a definition of `element` in TRAP file or tag `t`.
|
||||
*/
|
||||
in_trap_or_tag(
|
||||
int element: @element ref,
|
||||
int trap_file: @trap ref
|
||||
int t: @trap_or_tag ref
|
||||
);
|
||||
|
||||
pch_uses(
|
||||
|
||||
File diff suppressed because it is too large
@@ -0,0 +1,11 @@
|
||||
class Element extends @element {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Trap extends @trap {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
from Element e, Trap trap
|
||||
where in_trap(e, trap)
|
||||
select e, trap
|
||||
File diff suppressed because it is too large
File diff suppressed because it is too large
@@ -0,0 +1,22 @@
|
||||
newtype TSourceFile = MkSourceFile(string name) { source_file_uses_trap(name, _) }
|
||||
|
||||
module FreshSourceFile = QlBuiltins::NewEntity<TSourceFile>;
|
||||
|
||||
class SourceFile extends FreshSourceFile::EntityId {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
class Trap extends @trap {
|
||||
string toString() { none() }
|
||||
}
|
||||
|
||||
query predicate mk_source_file_name(SourceFile source_file, string name) {
|
||||
source_file = FreshSourceFile::map(MkSourceFile(name))
|
||||
}
|
||||
|
||||
query predicate mk_source_file_uses_trap(SourceFile source_file, Trap trap) {
|
||||
exists(string name |
|
||||
source_file_uses_trap(name, trap) and
|
||||
mk_source_file_name(source_file, name)
|
||||
)
|
||||
}
|
||||
@@ -0,0 +1,6 @@
|
||||
description: Add source_file_name
|
||||
compatibility: backwards
|
||||
source_file_uses_trap.rel: run source_files.ql mk_source_file_uses_trap
|
||||
source_file_name.rel: run source_files.ql mk_source_file_name
|
||||
in_trap.rel: delete
|
||||
in_trap_or_tag.rel: run in_trap_or_tag.ql
|
||||
@@ -1,4 +0,0 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Added modeling for the Micronaut framework, including HTTP controllers, WebSocket endpoints, configuration injection, data access, security annotations, and HTTP client sinks.
|
||||
@@ -1,33 +0,0 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
# HttpClient.toBlocking() returns BlockingHttpClient; retrieve/exchange with String URL are SSRF sinks
|
||||
- ["io.micronaut.http.client", "BlockingHttpClient", True, "retrieve", "(String)", "", "Argument[0]", "request-forgery", "manual"]
|
||||
- ["io.micronaut.http.client", "BlockingHttpClient", True, "retrieve", "(String,Class)", "", "Argument[0]", "request-forgery", "manual"]
|
||||
- ["io.micronaut.http.client", "BlockingHttpClient", True, "exchange", "(String)", "", "Argument[0]", "request-forgery", "manual"]
|
||||
- ["io.micronaut.http.client", "BlockingHttpClient", True, "exchange", "(String,Class)", "", "Argument[0]", "request-forgery", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
# HttpClient.toBlocking() taint propagation
|
||||
- ["io.micronaut.http.client", "HttpClient", True, "toBlocking", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
# HttpRequest.GET/POST/PUT/DELETE/PATCH factory methods propagate URI taint
|
||||
- ["io.micronaut.http", "HttpRequest", True, "GET", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "POST", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "PUT", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "DELETE", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "PATCH", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "HEAD", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "OPTIONS", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
# UriBuilder taint propagation
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "of", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "host", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "path", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "queryParam", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "queryParam", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "fragment", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.uri", "UriBuilder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
@@ -1,38 +0,0 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getBody", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getHeaders", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getParameters", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getCookies", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getUri", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getPath", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getContentType", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getContentLength", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http", "HttpRequest", True, "getMethodName", "", "", "ReturnValue", "remote", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["io.micronaut.http", "HttpHeaders", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpHeaders", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpHeaders", True, "getFirst", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpHeaders", True, "values", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpParameters", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpParameters", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http", "HttpParameters", True, "getFirst", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookies", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookies", True, "getAll", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookies", True, "findCookie", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookie", True, "getValue", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookie", True, "getName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookie", True, "getDomain", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["io.micronaut.http.cookie", "Cookie", True, "getPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: sinkModel
|
||||
data:
|
||||
- ["io.micronaut.http", "MutableHttpResponse", True, "header", "(CharSequence,CharSequence)", "", "Argument[1]", "response-splitting", "manual"]
|
||||
- ["io.micronaut.http", "HttpResponse", True, "redirect", "(URI)", "", "Argument[0]", "url-redirection", "manual"]
|
||||
@@ -1,10 +0,0 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: sourceModel
|
||||
data:
|
||||
- ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getBytes", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getInputStream", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getFilename", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getContentType", "", "", "ReturnValue", "remote", "manual"]
|
||||
- ["io.micronaut.http.multipart", "CompletedFileUpload", True, "getSize", "", "", "ReturnValue", "remote", "manual"]
|
||||
@@ -30,9 +30,6 @@ import semmle.code.java.frameworks.Guice
|
||||
import semmle.code.java.frameworks.struts.StrutsActions
|
||||
import semmle.code.java.frameworks.Thrift
|
||||
import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
|
||||
import semmle.code.java.frameworks.micronaut.MicronautController
|
||||
import semmle.code.java.frameworks.micronaut.MicronautWebSocket
|
||||
import semmle.code.java.frameworks.micronaut.MicronautConfig
|
||||
private import semmle.code.java.dataflow.ExternalFlow
|
||||
private import codeql.threatmodels.ThreatModels
|
||||
|
||||
@@ -190,38 +187,6 @@ private class AndroidExternalStorageSource extends RemoteFlowSource {
|
||||
override string getSourceType() { result = "Android external storage" }
|
||||
}
|
||||
|
||||
private class MicronautHttpInputParameterSource extends RemoteFlowSource {
|
||||
MicronautHttpInputParameterSource() {
|
||||
this.asParameter() = any(MicronautRequestMappingParameter mrmp | mrmp.isTaintedInput())
|
||||
}
|
||||
|
||||
override string getSourceType() { result = "Micronaut HTTP input parameter" }
|
||||
}
|
||||
|
||||
private class MicronautWebSocketParameterSource extends RemoteFlowSource {
|
||||
MicronautWebSocketParameterSource() { this.asParameter() instanceof MicronautWebSocketParameter }
|
||||
|
||||
override string getSourceType() { result = "Micronaut WebSocket parameter" }
|
||||
}
|
||||
|
||||
private class MicronautConfigSource extends LocalUserInput {
|
||||
MicronautConfigSource() {
|
||||
this.asExpr() = any(MicronautConfigField f).getAnAccess()
|
||||
or
|
||||
this.asParameter() instanceof MicronautConfigParameter
|
||||
}
|
||||
|
||||
override string getThreatModel() { result = "environment" }
|
||||
}
|
||||
|
||||
private class MicronautErrorHandlerSource extends RemoteFlowSource {
|
||||
MicronautErrorHandlerSource() {
|
||||
this.asParameter() = any(MicronautErrorHandler h).getARemoteParameter()
|
||||
}
|
||||
|
||||
override string getSourceType() { result = "Micronaut error handler parameter" }
|
||||
}
|
||||
|
||||
/** Class for `tainted` user input. */
|
||||
abstract class UserInput extends SourceNode { }
|
||||
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
/** Provides classes for identifying Micronaut configuration injection sources. */
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
|
||||
/** The annotation type `@Value` from `io.micronaut.context.annotation`. */
|
||||
class MicronautValueAnnotation extends AnnotationType {
|
||||
MicronautValueAnnotation() { this.hasQualifiedName("io.micronaut.context.annotation", "Value") }
|
||||
}
|
||||
|
||||
/** The annotation type `@Property` from `io.micronaut.context.annotation`. */
|
||||
class MicronautPropertyAnnotation extends AnnotationType {
|
||||
MicronautPropertyAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.context.annotation", "Property")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A field annotated with Micronaut's `@Value` or `@Property` annotation,
|
||||
* representing an injected configuration value.
|
||||
*/
|
||||
class MicronautConfigField extends Field {
|
||||
MicronautConfigField() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautValueAnnotation
|
||||
or
|
||||
this.getAnAnnotation().getType() instanceof MicronautPropertyAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A parameter annotated with Micronaut's `@Value` or `@Property` annotation,
|
||||
* representing an injected configuration value.
|
||||
*/
|
||||
class MicronautConfigParameter extends Parameter {
|
||||
MicronautConfigParameter() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautValueAnnotation
|
||||
or
|
||||
this.getAnAnnotation().getType() instanceof MicronautPropertyAnnotation
|
||||
}
|
||||
}
|
||||
@@ -1,142 +0,0 @@
|
||||
/**
|
||||
* Provides classes for identifying Micronaut HTTP controllers and their request handling methods.
|
||||
*/
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
|
||||
/** An annotation type that identifies Micronaut controllers. */
|
||||
class MicronautControllerAnnotation extends AnnotationType {
|
||||
MicronautControllerAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.http.annotation", "Controller")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated as a Micronaut `@Controller`.
|
||||
*/
|
||||
class MicronautController extends Class {
|
||||
MicronautController() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautControllerAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/** An annotation type that identifies Micronaut HTTP method mappings. */
|
||||
class MicronautHttpMethodAnnotation extends AnnotationType {
|
||||
MicronautHttpMethodAnnotation() {
|
||||
this.getPackage().hasName("io.micronaut.http.annotation") and
|
||||
this.hasName([
|
||||
"Get", "Post", "Put", "Delete", "Patch", "Head", "Options", "Trace", "CustomHttpMethod"
|
||||
])
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A method on a Micronaut controller that is executed in response to an HTTP request.
|
||||
*/
|
||||
class MicronautRequestMappingMethod extends Method {
|
||||
MicronautRequestMappingMethod() {
|
||||
this.getDeclaringType() instanceof MicronautController and
|
||||
this.getAnAnnotation().getType() instanceof MicronautHttpMethodAnnotation
|
||||
}
|
||||
|
||||
/** Gets a request mapping parameter. */
|
||||
MicronautRequestMappingParameter getARequestParameter() { result = this.getAParameter() }
|
||||
}
|
||||
|
||||
/** A Micronaut annotation indicating remote user input from HTTP requests. */
|
||||
class MicronautHttpInputAnnotation extends Annotation {
|
||||
MicronautHttpInputAnnotation() {
|
||||
exists(AnnotationType a |
|
||||
a = this.getType() and
|
||||
a.getPackage().hasName("io.micronaut.http.annotation")
|
||||
|
|
||||
a.hasName([
|
||||
"PathVariable", "QueryValue", "Body", "Header", "CookieValue", "Part", "RequestAttribute"
|
||||
])
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/** A parameter of a `MicronautRequestMappingMethod`. */
|
||||
class MicronautRequestMappingParameter extends Parameter {
|
||||
MicronautRequestMappingParameter() { this.getCallable() instanceof MicronautRequestMappingMethod }
|
||||
|
||||
/** Holds if the parameter should not be considered a direct source of taint. */
|
||||
predicate isNotDirectlyTaintedInput() {
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("io.micronaut.http", "HttpResponse")
|
||||
or
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("io.micronaut.http", "MutableHttpResponse")
|
||||
or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal")
|
||||
or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "Locale")
|
||||
or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.util", "TimeZone")
|
||||
or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.time", "ZoneId")
|
||||
or
|
||||
// @Value/@Property parameters are configuration injection, not HTTP input
|
||||
this.getAnAnnotation()
|
||||
.getType()
|
||||
.hasQualifiedName("io.micronaut.context.annotation", ["Value", "Property"])
|
||||
}
|
||||
|
||||
private predicate isExplicitlyTaintedInput() {
|
||||
// The MicronautHttpInputAnnotation allows access to the URI path,
|
||||
// request parameters, cookie values, headers, and the body of the request.
|
||||
this.getAnAnnotation() instanceof MicronautHttpInputAnnotation
|
||||
or
|
||||
// A @RequestBean parameter binds multiple request attributes into a POJO
|
||||
this.getAnAnnotation().getType() instanceof MicronautRequestBeanAnnotation
|
||||
or
|
||||
// An HttpRequest parameter provides access to request data
|
||||
this.getType()
|
||||
.(RefType)
|
||||
.getASourceSupertype*()
|
||||
.hasQualifiedName("io.micronaut.http", "HttpRequest")
|
||||
or
|
||||
// InputStream or Reader parameters allow access to the body of a request
|
||||
this.getType().(RefType).getAnAncestor() instanceof TypeInputStream
|
||||
or
|
||||
this.getType().(RefType).getAnAncestor().hasQualifiedName("java.io", "Reader")
|
||||
}
|
||||
|
||||
/** Holds if the input is tainted (i.e. comes from user-controlled input). */
|
||||
predicate isTaintedInput() {
|
||||
this.isExplicitlyTaintedInput()
|
||||
or
|
||||
not this.isNotDirectlyTaintedInput()
|
||||
}
|
||||
}
|
||||
|
||||
/** An annotation type that identifies Micronaut error handler methods. */
|
||||
class MicronautErrorAnnotation extends AnnotationType {
|
||||
MicronautErrorAnnotation() { this.hasQualifiedName("io.micronaut.http.annotation", "Error") }
|
||||
}
|
||||
|
||||
/** A method annotated with Micronaut's `@Error` that handles exceptions. */
|
||||
class MicronautErrorHandler extends Method {
|
||||
MicronautErrorHandler() { this.getAnAnnotation().getType() instanceof MicronautErrorAnnotation }
|
||||
|
||||
/** Gets a parameter that carries user-controlled request data. */
|
||||
Parameter getARemoteParameter() {
|
||||
result = this.getAParameter() and
|
||||
result
|
||||
.getType()
|
||||
.(RefType)
|
||||
.getASourceSupertype*()
|
||||
.hasQualifiedName("io.micronaut.http", "HttpRequest")
|
||||
}
|
||||
}
|
||||
|
||||
/** An annotation type that identifies Micronaut request bean parameters. */
|
||||
class MicronautRequestBeanAnnotation extends AnnotationType {
|
||||
MicronautRequestBeanAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.http.annotation", "RequestBean")
|
||||
}
|
||||
}
|
||||
@@ -1,32 +0,0 @@
|
||||
/** Provides classes for identifying Micronaut Data repositories and query annotations. */
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* The annotation type `@Query` from `io.micronaut.data.annotation`.
|
||||
*/
|
||||
class MicronautQueryAnnotation extends AnnotationType {
|
||||
MicronautQueryAnnotation() { this.hasQualifiedName("io.micronaut.data.annotation", "Query") }
|
||||
}
|
||||
|
||||
/**
|
||||
* The annotation type `@Repository` from `io.micronaut.data.annotation`.
|
||||
*/
|
||||
class MicronautRepositoryAnnotation extends AnnotationType {
|
||||
MicronautRepositoryAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.data.annotation", "Repository")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated with Micronaut's `@Repository` annotation.
|
||||
*/
|
||||
class MicronautRepositoryClass extends RefType {
|
||||
MicronautRepositoryClass() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautRepositoryAnnotation
|
||||
or
|
||||
this.getAnAncestor().hasQualifiedName("io.micronaut.data.repository", "GenericRepository")
|
||||
}
|
||||
}
|
||||
@@ -1,38 +0,0 @@
|
||||
/**
|
||||
* Provides classes for identifying Micronaut Security annotations.
|
||||
*
|
||||
* Micronaut Security provides the `@Secured` annotation and integrates
|
||||
* with standard `@RolesAllowed` for method-level access control.
|
||||
*/
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* The annotation type `@Secured` from `io.micronaut.security.annotation`.
|
||||
*/
|
||||
class MicronautSecuredAnnotation extends AnnotationType {
|
||||
MicronautSecuredAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.security.annotation", "Secured")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A callable (method or constructor) that is annotated with Micronaut's `@Secured`
|
||||
* annotation, either directly or via its declaring type.
|
||||
*/
|
||||
class MicronautSecuredCallable extends Callable {
|
||||
MicronautSecuredCallable() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautSecuredAnnotation
|
||||
or
|
||||
this.getDeclaringType().getAnAnnotation().getType() instanceof MicronautSecuredAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated with Micronaut's `@Secured` annotation.
|
||||
*/
|
||||
class MicronautSecuredClass extends Class {
|
||||
MicronautSecuredClass() { this.getAnAnnotation().getType() instanceof MicronautSecuredAnnotation }
|
||||
}
|
||||
@@ -1,53 +0,0 @@
|
||||
/** Provides classes for identifying Micronaut WebSocket endpoints. */
|
||||
overlay[local?]
|
||||
module;
|
||||
|
||||
import java
|
||||
|
||||
/**
|
||||
* The annotation type `@ServerWebSocket` from `io.micronaut.websocket.annotation`.
|
||||
*/
|
||||
class MicronautServerWebSocketAnnotation extends AnnotationType {
|
||||
MicronautServerWebSocketAnnotation() {
|
||||
this.hasQualifiedName("io.micronaut.websocket.annotation", "ServerWebSocket")
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A class annotated with `@ServerWebSocket`, representing a Micronaut WebSocket endpoint.
|
||||
*/
|
||||
class MicronautServerWebSocketClass extends Class {
|
||||
MicronautServerWebSocketClass() {
|
||||
this.getAnAnnotation().getType() instanceof MicronautServerWebSocketAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/** An annotation type for Micronaut WebSocket message handler methods. */
|
||||
class MicronautWebSocketHandlerAnnotation extends AnnotationType {
|
||||
MicronautWebSocketHandlerAnnotation() {
|
||||
this.getPackage().hasName("io.micronaut.websocket.annotation") and
|
||||
this.hasName(["OnMessage", "OnOpen"])
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A method on a Micronaut `@ServerWebSocket` class that handles WebSocket messages.
|
||||
*/
|
||||
class MicronautWebSocketMessageHandler extends Method {
|
||||
MicronautWebSocketMessageHandler() {
|
||||
this.getDeclaringType() instanceof MicronautServerWebSocketClass and
|
||||
this.getAnAnnotation().getType() instanceof MicronautWebSocketHandlerAnnotation
|
||||
}
|
||||
}
|
||||
|
||||
/** A parameter of a Micronaut WebSocket message handler that receives user-controlled data. */
|
||||
class MicronautWebSocketParameter extends Parameter {
|
||||
MicronautWebSocketParameter() {
|
||||
this.getCallable() instanceof MicronautWebSocketMessageHandler and
|
||||
// Exclude WebSocketSession parameters
|
||||
not this.getType()
|
||||
.(RefType)
|
||||
.getAnAncestor()
|
||||
.hasQualifiedName("io.micronaut.websocket", "WebSocketSession")
|
||||
}
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
import io.micronaut.context.annotation.Value;
|
||||
import io.micronaut.context.annotation.Property;
|
||||
import io.micronaut.http.annotation.*;
|
||||
|
||||
@Controller("/config")
|
||||
class MicronautConfig {
|
||||
|
||||
private static void sink(Object o) {}
|
||||
|
||||
@Value("${app.secret}")
|
||||
String secretValue;
|
||||
|
||||
@Property(name = "app.api-key")
|
||||
String apiKey;
|
||||
|
||||
@Get("/secret")
|
||||
void testValueField() {
|
||||
sink(secretValue); // $hasLocalValueFlow
|
||||
}
|
||||
|
||||
@Get("/key")
|
||||
void testPropertyField() {
|
||||
sink(apiKey); // $hasLocalValueFlow
|
||||
}
|
||||
|
||||
@Get("/param")
|
||||
void testValueParam(@Value("${app.name}") String appName) {
|
||||
sink(appName); // $hasLocalValueFlow
|
||||
}
|
||||
}
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/micronaut-4.x
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
|
||||
@@ -1,30 +0,0 @@
|
||||
import io.micronaut.context.annotation.Value;
|
||||
import io.micronaut.context.annotation.Property;
|
||||
import io.micronaut.http.annotation.*;
|
||||
|
||||
@Controller("/config")
|
||||
class MicronautConfigTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
@Value("${app.secret}")
|
||||
String secretValue;
|
||||
|
||||
@Property(name = "app.api-key")
|
||||
String apiKey;
|
||||
|
||||
@Get("/secret")
|
||||
void testValueField() {
|
||||
sink(secretValue);
|
||||
}
|
||||
|
||||
@Get("/key")
|
||||
void testPropertyField() {
|
||||
sink(apiKey);
|
||||
}
|
||||
|
||||
@Get("/param")
|
||||
void testValueParam(@Value("${app.name}") String appName) {
|
||||
sink(appName);
|
||||
}
|
||||
}
|
||||
@@ -1,95 +0,0 @@
|
||||
import io.micronaut.http.annotation.*;
|
||||
import io.micronaut.http.*;
|
||||
import java.io.InputStream;
|
||||
import java.io.Reader;
|
||||
|
||||
@Controller("/test")
|
||||
class MicronautControllerTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
@Get("/path/{id}")
|
||||
void testPathVariable(@PathVariable String id) {
|
||||
sink(id); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/query")
|
||||
void testQueryValue(@QueryValue String name) {
|
||||
sink(name); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/body")
|
||||
void testBody(@Body String body) {
|
||||
sink(body); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/header")
|
||||
void testHeader(@Header String authorization) {
|
||||
sink(authorization); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/cookie")
|
||||
void testCookieValue(@CookieValue String sessionId) {
|
||||
sink(sessionId); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/part")
|
||||
void testPart(@Part String name) {
|
||||
sink(name); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/attr")
|
||||
void testRequestAttribute(@RequestAttribute String attr) {
|
||||
sink(attr); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/bean")
|
||||
void testRequestBean(@RequestBean Object bean) {
|
||||
sink(bean); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/implicit")
|
||||
void testImplicitParam(String implicitParam) {
|
||||
sink(implicitParam); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/request")
|
||||
void testHttpRequest(HttpRequest<String> request) {
|
||||
sink(request); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/stream")
|
||||
void testInputStream(InputStream stream) {
|
||||
sink(stream); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/reader")
|
||||
void testReader(Reader reader) {
|
||||
sink(reader); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/post")
|
||||
void testPostMethod(@Body String data) {
|
||||
sink(data); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Put("/put")
|
||||
void testPutMethod(@Body String data) {
|
||||
sink(data); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Delete("/delete/{id}")
|
||||
void testDeleteMethod(@PathVariable String id) {
|
||||
sink(id); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Patch("/patch")
|
||||
void testPatchMethod(@Body String data) {
|
||||
sink(data); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@io.micronaut.http.annotation.Error
|
||||
void testErrorHandler(HttpRequest<?> request) {
|
||||
sink(request); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
import io.micronaut.http.annotation.*;
|
||||
import io.micronaut.http.multipart.CompletedFileUpload;
|
||||
import java.io.IOException;
|
||||
|
||||
@Controller("/upload")
|
||||
class MicronautFileUploadTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
@Post("/file")
|
||||
void testFileUpload(CompletedFileUpload file) throws IOException {
|
||||
sink(file.getFilename()); // $hasTaintFlow
|
||||
sink(file.getBytes()); // $hasTaintFlow
|
||||
sink(file.getInputStream()); // $hasTaintFlow
|
||||
sink(file.getContentType()); // $hasTaintFlow
|
||||
sink(file.getSize()); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
@@ -1,106 +0,0 @@
|
||||
import io.micronaut.http.*;
|
||||
import io.micronaut.http.client.HttpClient;
|
||||
import io.micronaut.http.client.BlockingHttpClient;
|
||||
import io.micronaut.http.uri.UriBuilder;
|
||||
import java.net.URI;
|
||||
|
||||
class MicronautHttpClientTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
String taint() {
|
||||
return null;
|
||||
}
|
||||
|
||||
HttpClient client;
|
||||
|
||||
void testRetrieveString() {
|
||||
String url = taint();
|
||||
client.toBlocking().retrieve(url); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testRetrieveStringClass() {
|
||||
String url = taint();
|
||||
client.toBlocking().retrieve(url, String.class); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testExchangeString() {
|
||||
String url = taint();
|
||||
client.toBlocking().exchange(url); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testExchangeStringClass() {
|
||||
String url = taint();
|
||||
client.toBlocking().exchange(url, String.class); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testGetFactory() {
|
||||
HttpRequest<?> req = HttpRequest.GET(taint());
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testPostFactory() {
|
||||
HttpRequest<?> req = HttpRequest.POST(taint(), "body");
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testPutFactory() {
|
||||
HttpRequest<?> req = HttpRequest.PUT(taint(), "body");
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testDeleteFactory() {
|
||||
HttpRequest<?> req = HttpRequest.DELETE(taint());
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testPatchFactory() {
|
||||
HttpRequest<?> req = HttpRequest.PATCH(taint(), "body");
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testHeadFactory() {
|
||||
HttpRequest<?> req = HttpRequest.HEAD(taint());
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testOptionsFactory() {
|
||||
HttpRequest<?> req = HttpRequest.OPTIONS(taint());
|
||||
sink(req); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderOfCharSequence() {
|
||||
URI uri = UriBuilder.of(taint()).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderOfUri() {
|
||||
URI uri = UriBuilder.of(URI.create(taint())).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderHost() {
|
||||
URI uri = UriBuilder.of("http://example.com").host(taint()).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderPath() {
|
||||
URI uri = UriBuilder.of("http://example.com").path(taint()).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderQueryParamName() {
|
||||
URI uri = UriBuilder.of("http://example.com").queryParam(taint(), "value").build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderQueryParamValue() {
|
||||
URI uri = UriBuilder.of("http://example.com").queryParam("key", taint()).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
|
||||
void testUriBuilderFragment() {
|
||||
URI uri = UriBuilder.of("http://example.com").fragment(taint()).build();
|
||||
sink(uri); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
@@ -1,67 +0,0 @@
|
||||
import io.micronaut.http.annotation.*;
|
||||
import io.micronaut.http.*;
|
||||
import io.micronaut.http.cookie.*;
|
||||
|
||||
@Controller("/http")
|
||||
class MicronautHttpRequestTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
@Get("/headers")
|
||||
void testHeaders(HttpRequest<?> request) {
|
||||
sink(request.getHeaders()); // $hasTaintFlow
|
||||
sink(request.getHeaders().get("X-Custom")); // $hasTaintFlow
|
||||
sink(request.getHeaders().getAll("X-Custom")); // $hasTaintFlow
|
||||
sink(request.getHeaders().getFirst("X-Custom")); // $hasTaintFlow
|
||||
sink(request.getHeaders().values()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/params")
|
||||
void testParameters(HttpRequest<?> request) {
|
||||
sink(request.getParameters()); // $hasTaintFlow
|
||||
sink(request.getParameters().get("q")); // $hasTaintFlow
|
||||
sink(request.getParameters().getAll("q")); // $hasTaintFlow
|
||||
sink(request.getParameters().getFirst("q")); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/cookies")
|
||||
void testCookies(HttpRequest<?> request) {
|
||||
sink(request.getCookies()); // $hasTaintFlow
|
||||
Cookie cookie = request.getCookies().get("session");
|
||||
sink(cookie); // $hasTaintFlow
|
||||
sink(cookie.getValue()); // $hasTaintFlow
|
||||
sink(cookie.getName()); // $hasTaintFlow
|
||||
sink(cookie.getDomain()); // $hasTaintFlow
|
||||
sink(cookie.getPath()); // $hasTaintFlow
|
||||
sink(request.getCookies().getAll()); // $hasTaintFlow
|
||||
sink(request.getCookies().findCookie("session")); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/uri")
|
||||
void testUri(HttpRequest<?> request) {
|
||||
sink(request.getUri()); // $hasTaintFlow
|
||||
sink(request.getPath()); // $hasTaintFlow
|
||||
sink(request.getMethodName()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Post("/body")
|
||||
void testBody(HttpRequest<String> request) {
|
||||
sink(request.getBody()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/content")
|
||||
void testContent(HttpRequest<?> request) {
|
||||
sink(request.getContentType()); // $hasTaintFlow
|
||||
sink(request.getContentLength()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/redirect")
|
||||
HttpResponse<?> testRedirect(HttpRequest<?> request) {
|
||||
return HttpResponse.redirect(request.getUri()); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@Get("/header-set")
|
||||
HttpResponse<?> testHeaderSplitting(HttpRequest<?> request) {
|
||||
return HttpResponse.ok().header("X-Custom", request.getHeaders().get("User-Input")); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
import io.micronaut.websocket.annotation.*;
|
||||
import io.micronaut.websocket.WebSocketSession;
|
||||
|
||||
@ServerWebSocket("/chat/{room}")
|
||||
class MicronautWebSocketTest {
|
||||
|
||||
void sink(Object o) {}
|
||||
|
||||
@OnMessage
|
||||
void onMessage(String message, WebSocketSession session) {
|
||||
sink(message); // $hasTaintFlow
|
||||
}
|
||||
|
||||
@OnOpen
|
||||
void onOpen(String room, WebSocketSession session) {
|
||||
sink(room); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
@@ -1,25 +0,0 @@
|
||||
import java
|
||||
import semmle.code.java.security.RequestForgery
|
||||
import semmle.code.java.security.UrlRedirect
|
||||
import semmle.code.java.security.ResponseSplitting
|
||||
import utils.test.InlineFlowTest
|
||||
|
||||
module Config implements DataFlow::ConfigSig {
|
||||
predicate isSource(DataFlow::Node n) {
|
||||
n.asExpr().(MethodCall).getMethod().hasName("taint")
|
||||
or
|
||||
n instanceof ActiveThreatModelSource
|
||||
}
|
||||
|
||||
predicate isSink(DataFlow::Node n) {
|
||||
exists(MethodCall ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
|
||||
or
|
||||
n instanceof RequestForgerySink
|
||||
or
|
||||
n instanceof UrlRedirectSink
|
||||
or
|
||||
n instanceof HeaderSplittingSink
|
||||
}
|
||||
}
|
||||
|
||||
import TaintFlowTest<Config>
|
||||
@@ -1 +0,0 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/micronaut-4.x
|
||||
@@ -1,22 +0,0 @@
|
||||
import io.micronaut.http.annotation.Controller;
|
||||
import io.micronaut.http.annotation.Get;
|
||||
import io.micronaut.http.annotation.QueryValue;
|
||||
import io.micronaut.http.HttpResponse;
|
||||
import io.micronaut.http.MutableHttpResponse;
|
||||
|
||||
@Controller("/headers")
|
||||
public class MicronautResponseSplitting {
|
||||
|
||||
@Get("/bad")
|
||||
public MutableHttpResponse<?> bad(@QueryValue String headerValue) {
|
||||
// BAD: user-controlled header value
|
||||
return HttpResponse.ok().header("X-Custom", headerValue);
|
||||
}
|
||||
|
||||
@Get("/good")
|
||||
public MutableHttpResponse<?> good(@QueryValue String headerValue) {
|
||||
// GOOD: sanitized header value by replacing line breaks
|
||||
String sanitized = headerValue.replace('\n', ' ').replace('\r', ' ');
|
||||
return HttpResponse.ok().header("X-Custom", sanitized);
|
||||
}
|
||||
}
|
||||
@@ -1,25 +1,20 @@
|
||||
#select
|
||||
| MicronautResponseSplitting.java:13:53:13:63 | headerValue | MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | MicronautResponseSplitting.java:13:53:13:63 | headerValue | This header depends on a $@, which may cause a response-splitting vulnerability. | MicronautResponseSplitting.java:11:39:11:68 | headerValue | user-provided value |
|
||||
| ResponseSplitting.java:23:23:23:28 | cookie | ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:23:23:23:28 | cookie | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:22:39:22:66 | getParameter(...) | user-provided value |
|
||||
| ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | ResponseSplitting.java:28:38:28:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:28:38:28:72 | getParameter(...) | user-provided value |
|
||||
| ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | ResponseSplitting.java:29:38:29:72 | getParameter(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:29:38:29:72 | getParameter(...) | user-provided value |
|
||||
| ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | This header depends on a $@, which may cause a response-splitting vulnerability. | ResponseSplitting.java:53:14:53:48 | getParameter(...) | user-provided value |
|
||||
edges
|
||||
| MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | MicronautResponseSplitting.java:13:53:13:63 | headerValue | provenance | Sink:MaD:1 |
|
||||
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:2 |
|
||||
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:4 MaD:6 |
|
||||
| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:4 |
|
||||
| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:5 Sink:MaD:3 |
|
||||
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | ResponseSplitting.java:23:23:23:28 | cookie | provenance | Sink:MaD:1 |
|
||||
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | provenance | Src:MaD:3 MaD:5 |
|
||||
| ResponseSplitting.java:53:14:53:48 | getParameter(...) : String | ResponseSplitting.java:59:27:59:27 | t : String | provenance | Src:MaD:3 |
|
||||
| ResponseSplitting.java:59:27:59:27 | t : String | ResponseSplitting.java:59:27:59:57 | replaceFirst(...) | provenance | MaD:4 Sink:MaD:2 |
|
||||
models
|
||||
| 1 | Sink: io.micronaut.http; MutableHttpResponse; true; header; (CharSequence,CharSequence); ; Argument[1]; response-splitting; manual |
|
||||
| 2 | Sink: javax.servlet.http; HttpServletResponse; false; addCookie; ; ; Argument[0]; response-splitting; manual |
|
||||
| 3 | Sink: javax.servlet.http; HttpServletResponse; false; setHeader; ; ; Argument[0..1]; response-splitting; manual |
|
||||
| 4 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
|
||||
| 5 | Summary: java.lang; String; false; replaceFirst; ; ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 6 | Summary: javax.servlet.http; Cookie; false; Cookie; ; ; Argument[1]; Argument[this]; taint; manual |
|
||||
| 1 | Sink: javax.servlet.http; HttpServletResponse; false; addCookie; ; ; Argument[0]; response-splitting; manual |
|
||||
| 2 | Sink: javax.servlet.http; HttpServletResponse; false; setHeader; ; ; Argument[0..1]; response-splitting; manual |
|
||||
| 3 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
|
||||
| 4 | Summary: java.lang; String; false; replaceFirst; ; ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 5 | Summary: javax.servlet.http; Cookie; false; Cookie; ; ; Argument[1]; Argument[this]; taint; manual |
|
||||
nodes
|
||||
| MicronautResponseSplitting.java:11:39:11:68 | headerValue : String | semmle.label | headerValue : String |
|
||||
| MicronautResponseSplitting.java:13:53:13:63 | headerValue | semmle.label | headerValue |
|
||||
| ResponseSplitting.java:22:20:22:67 | new Cookie(...) : Cookie | semmle.label | new Cookie(...) : Cookie |
|
||||
| ResponseSplitting.java:22:39:22:66 | getParameter(...) : String | semmle.label | getParameter(...) : String |
|
||||
| ResponseSplitting.java:23:23:23:28 | cookie | semmle.label | cookie |
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/micronaut-4.x:${testdir}/../../../../../stubs/servlet-api-2.4
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4
|
||||
|
||||
@@ -1,25 +0,0 @@
|
||||
import io.micronaut.http.annotation.Controller;
|
||||
import io.micronaut.http.annotation.Get;
|
||||
import io.micronaut.http.annotation.QueryValue;
|
||||
import io.micronaut.http.HttpResponse;
|
||||
import io.micronaut.http.MutableHttpResponse;
|
||||
import java.net.URI;
|
||||
|
||||
@Controller("/redirect")
|
||||
public class MicronautUrlRedirect {
|
||||
|
||||
@Get("/bad")
|
||||
public MutableHttpResponse<?> bad(@QueryValue String target) {
|
||||
// BAD: user-controlled redirect target
|
||||
return HttpResponse.redirect(URI.create(target));
|
||||
}
|
||||
|
||||
@Get("/good")
|
||||
public MutableHttpResponse<?> good(@QueryValue String target) {
|
||||
// GOOD: redirect to a fixed URL
|
||||
if ("home".equals(target)) {
|
||||
return HttpResponse.redirect(URI.create("/home"));
|
||||
}
|
||||
return HttpResponse.ok();
|
||||
}
|
||||
}
|
||||
@@ -1,5 +1,4 @@
|
||||
#select
|
||||
| MicronautUrlRedirect.java:14:38:14:55 | create(...) | MicronautUrlRedirect.java:12:39:12:63 | target : String | MicronautUrlRedirect.java:14:38:14:55 | create(...) | Untrusted URL redirection depends on a $@. | MicronautUrlRedirect.java:12:39:12:63 | target | user-provided value |
|
||||
| UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | UrlRedirect2.java:27:25:27:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect2.java:27:25:27:54 | getParameter(...) | user-provided value |
|
||||
| UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | UrlRedirect.java:23:25:23:54 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:23:25:23:54 | getParameter(...) | user-provided value |
|
||||
| UrlRedirect.java:32:25:32:67 | weakCleanup(...) | UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:32:37:32:66 | getParameter(...) | user-provided value |
|
||||
@@ -7,24 +6,17 @@
|
||||
| UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | UrlRedirect.java:42:43:42:72 | getParameter(...) | Untrusted URL redirection depends on a $@. | UrlRedirect.java:42:43:42:72 | getParameter(...) | user-provided value |
|
||||
| mad/Test.java:14:22:14:38 | (...)... | mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:22:14:38 | (...)... | Untrusted URL redirection depends on a $@. | mad/Test.java:9:16:9:41 | getParameter(...) | user-provided value |
|
||||
edges
|
||||
| MicronautUrlRedirect.java:12:39:12:63 | target : String | MicronautUrlRedirect.java:14:49:14:54 | target : String | provenance | |
|
||||
| MicronautUrlRedirect.java:14:49:14:54 | target : String | MicronautUrlRedirect.java:14:38:14:55 | create(...) | provenance | MaD:5 Sink:MaD:1 |
|
||||
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:3 MaD:4 |
|
||||
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:3 |
|
||||
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:32:25:32:67 | weakCleanup(...) | provenance | Src:MaD:2 MaD:3 |
|
||||
| UrlRedirect.java:32:37:32:66 | getParameter(...) : String | UrlRedirect.java:45:28:45:39 | input : String | provenance | Src:MaD:2 |
|
||||
| UrlRedirect.java:45:28:45:39 | input : String | UrlRedirect.java:46:10:46:14 | input : String | provenance | |
|
||||
| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:4 |
|
||||
| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:3 |
|
||||
| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:2 |
|
||||
| UrlRedirect.java:46:10:46:14 | input : String | UrlRedirect.java:46:10:46:40 | replaceAll(...) : String | provenance | MaD:3 |
|
||||
| mad/Test.java:9:16:9:41 | getParameter(...) : String | mad/Test.java:14:31:14:38 | source(...) : String | provenance | Src:MaD:2 |
|
||||
| mad/Test.java:14:31:14:38 | source(...) : String | mad/Test.java:14:22:14:38 | (...)... | provenance | Sink:MaD:1 |
|
||||
models
|
||||
| 1 | Sink: io.micronaut.http; HttpResponse; true; redirect; (URI); ; Argument[0]; url-redirection; manual |
|
||||
| 2 | Sink: org.kohsuke.stapler; HttpResponses; true; redirectTo; (String); ; Argument[0]; url-redirection; ai-manual |
|
||||
| 3 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
|
||||
| 4 | Summary: java.lang; String; false; replaceAll; ; ; Argument[this]; ReturnValue; taint; manual |
|
||||
| 5 | Summary: java.net; URI; false; create; ; ; Argument[0]; ReturnValue; taint; manual |
|
||||
| 1 | Sink: org.kohsuke.stapler; HttpResponses; true; redirectTo; (String); ; Argument[0]; url-redirection; ai-manual |
|
||||
| 2 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual |
|
||||
| 3 | Summary: java.lang; String; false; replaceAll; ; ; Argument[this]; ReturnValue; taint; manual |
|
||||
nodes
|
||||
| MicronautUrlRedirect.java:12:39:12:63 | target : String | semmle.label | target : String |
|
||||
| MicronautUrlRedirect.java:14:38:14:55 | create(...) | semmle.label | create(...) |
|
||||
| MicronautUrlRedirect.java:14:49:14:54 | target : String | semmle.label | target : String |
|
||||
| UrlRedirect2.java:27:25:27:54 | getParameter(...) | semmle.label | getParameter(...) |
|
||||
| UrlRedirect.java:23:25:23:54 | getParameter(...) | semmle.label | getParameter(...) |
|
||||
| UrlRedirect.java:32:25:32:67 | weakCleanup(...) | semmle.label | weakCleanup(...) |
|
||||
|
||||
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/micronaut-4.x:${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0
|
||||
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/servlet-api-2.4:${testdir}/../../../../../stubs/stapler-1.263:${testdir}/../../../../../stubs/javax-servlet-2.5:${testdir}/../../../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../../../stubs/saxon-xqj-9.x:${testdir}/../../../../../stubs/apache-commons-beanutils:${testdir}/../../../../../stubs/dom4j-2.1.1:${testdir}/../../../../../stubs/apache-commons-lang:${testdir}/../../../../../stubs/jaxen-1.2.0
|
||||
|
||||
@@ -1,33 +0,0 @@
|
||||
import io.micronaut.http.annotation.Controller;
|
||||
import io.micronaut.http.annotation.Get;
|
||||
import io.micronaut.http.annotation.QueryValue;
|
||||
import io.micronaut.http.client.HttpClient;
|
||||
import io.micronaut.http.uri.UriBuilder;
|
||||
import java.net.URI;
|
||||
|
||||
@Controller("/ssrf")
|
||||
public class MicronautSSRF {
|
||||
|
||||
private HttpClient client;
|
||||
|
||||
@Get("/retrieve")
|
||||
public String testRetrieve(@QueryValue String url) { // $ Source
|
||||
return client.toBlocking().retrieve(url); // $ Alert
|
||||
}
|
||||
|
||||
@Get("/exchange-string")
|
||||
public Object testExchangeWithString(@QueryValue String url) { // $ Source
|
||||
return client.toBlocking().exchange(url); // $ Alert
|
||||
}
|
||||
|
||||
@Get("/retrieve-typed")
|
||||
public Object testRetrieveTyped(@QueryValue String url) { // $ Source
|
||||
return client.toBlocking().retrieve(url, String.class); // $ Alert
|
||||
}
|
||||
|
||||
@Get("/uri-builder")
|
||||
public String testUriBuilder(@QueryValue String host) { // $ Source
|
||||
URI uri = UriBuilder.of("http://example.com").host(host).build();
|
||||
return client.toBlocking().retrieve(uri.toString()); // $ Alert
|
||||
}
|
||||
}
|
||||
File diff suppressed because it is too large
@@ -1 +1 @@
|
||||
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/micronaut-4.x:${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf
|
||||
//semmle-extractor-options: --javac-args -source 11 -target 11 -cp ${testdir}/../../../stubs/javax-validation-constraints:${testdir}/../../../stubs/springframework-5.8.x:${testdir}/../../../stubs/javax-ws-rs-api-2.1.1:${testdir}/../../../stubs/javax-ws-rs-api-3.0.0:${testdir}/../../../stubs/apache-http-4.4.13/:${testdir}/../../../stubs/projectreactor-3.4.3/:${testdir}/../../../stubs/postgresql-42.3.3/:${testdir}/../../../stubs/HikariCP-3.4.5/:${testdir}/../../../stubs/spring-jdbc-5.3.8/:${testdir}/../../../stubs/jdbi3-core-3.27.2/:${testdir}/../../../stubs/cargo:${testdir}/../../../stubs/javafx-web:${testdir}/../../../stubs/apache-commons-jelly-1.0.1:${testdir}/../../../stubs/dom4j-2.1.1:${testdir}/../../../stubs/jaxen-1.2.0:${testdir}/../../../stubs/stapler-1.263:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/saxon-xqj-9.x:${testdir}/../../../stubs/apache-commons-beanutils:${testdir}/../../../stubs/apache-commons-lang:${testdir}/../../../stubs/apache-http-5:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jaxws-api-2.0:${testdir}/../../../stubs/apache-cxf
|
||||
|
||||
@@ -1,201 +0,0 @@
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
https://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.context.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
|
||||
public @interface Property {
|
||||
String name();
|
||||
String defaultValue() default "";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.context.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.FIELD, ElementType.PARAMETER, ElementType.METHOD})
|
||||
public @interface Value {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.data.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Query {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.data.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.TYPE})
|
||||
public @interface Repository {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
package io.micronaut.data.repository;
|
||||
|
||||
import java.util.Optional;
|
||||
|
||||
public interface CrudRepository<E, ID> extends GenericRepository<E, ID> {
|
||||
<S extends E> S save(S entity);
|
||||
<S extends E> Iterable<S> saveAll(Iterable<S> entities);
|
||||
Optional<E> findById(ID id);
|
||||
boolean existsById(ID id);
|
||||
Iterable<E> findAll();
|
||||
long count();
|
||||
void deleteById(ID id);
|
||||
void delete(E entity);
|
||||
void deleteAll();
|
||||
}
|
||||
@@ -1,4 +0,0 @@
|
||||
package io.micronaut.data.repository;
|
||||
|
||||
public interface GenericRepository<E, ID> {
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
public interface HttpHeaders {
|
||||
String get(CharSequence name);
|
||||
List<String> getAll(CharSequence name);
|
||||
Optional<String> getFirst(CharSequence name);
|
||||
java.util.Collection<List<String>> values();
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
public enum HttpMethod {
|
||||
GET, POST, PUT, DELETE, PATCH, HEAD, OPTIONS, TRACE;
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
public interface HttpParameters {
|
||||
String get(CharSequence name);
|
||||
List<String> getAll(CharSequence name);
|
||||
Optional<String> getFirst(CharSequence name);
|
||||
}
|
||||
@@ -1,26 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Optional;
|
||||
import io.micronaut.http.cookie.Cookies;
|
||||
|
||||
public interface HttpRequest<B> {
|
||||
Cookies getCookies();
|
||||
HttpHeaders getHeaders();
|
||||
HttpParameters getParameters();
|
||||
Optional<B> getBody();
|
||||
URI getUri();
|
||||
String getPath();
|
||||
Optional<MediaType> getContentType();
|
||||
long getContentLength();
|
||||
HttpMethod getMethod();
|
||||
String getMethodName();
|
||||
|
||||
static <T> HttpRequest<T> GET(String uri) { return null; }
|
||||
static <T> HttpRequest<T> POST(String uri, T body) { return null; }
|
||||
static <T> HttpRequest<T> PUT(String uri, T body) { return null; }
|
||||
static HttpRequest<?> DELETE(String uri) { return null; }
|
||||
static <T> HttpRequest<T> PATCH(String uri, T body) { return null; }
|
||||
static HttpRequest<?> HEAD(String uri) { return null; }
|
||||
static HttpRequest<?> OPTIONS(String uri) { return null; }
|
||||
}
|
||||
@@ -1,18 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
import java.net.URI;
|
||||
import java.util.Optional;
|
||||
|
||||
public interface HttpResponse<B> {
|
||||
HttpStatus getStatus();
|
||||
int code();
|
||||
HttpHeaders getHeaders();
|
||||
Optional<B> getBody();
|
||||
|
||||
static <T> MutableHttpResponse<T> ok() { return null; }
|
||||
static <T> MutableHttpResponse<T> ok(T body) { return null; }
|
||||
static MutableHttpResponse<?> redirect(URI location) { return null; }
|
||||
static MutableHttpResponse<?> notFound() { return null; }
|
||||
static MutableHttpResponse<?> badRequest() { return null; }
|
||||
static MutableHttpResponse<?> serverError() { return null; }
|
||||
}
|
||||
@@ -1,30 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
public enum HttpStatus {
|
||||
OK(200),
|
||||
CREATED(201),
|
||||
ACCEPTED(202),
|
||||
NO_CONTENT(204),
|
||||
MOVED_PERMANENTLY(301),
|
||||
FOUND(302),
|
||||
SEE_OTHER(303),
|
||||
NOT_MODIFIED(304),
|
||||
TEMPORARY_REDIRECT(307),
|
||||
BAD_REQUEST(400),
|
||||
UNAUTHORIZED(401),
|
||||
FORBIDDEN(403),
|
||||
NOT_FOUND(404),
|
||||
METHOD_NOT_ALLOWED(405),
|
||||
INTERNAL_SERVER_ERROR(500),
|
||||
SERVICE_UNAVAILABLE(503);
|
||||
|
||||
private final int code;
|
||||
|
||||
HttpStatus(int code) {
|
||||
this.code = code;
|
||||
}
|
||||
|
||||
public int getCode() {
|
||||
return code;
|
||||
}
|
||||
}
|
||||
@@ -1,15 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
public class MediaType {
|
||||
public static final String APPLICATION_JSON = "application/json";
|
||||
public static final String TEXT_PLAIN = "text/plain";
|
||||
public static final String TEXT_HTML = "text/html";
|
||||
public static final String APPLICATION_FORM_URLENCODED = "application/x-www-form-urlencoded";
|
||||
public static final String MULTIPART_FORM_DATA = "multipart/form-data";
|
||||
public static final String APPLICATION_XML = "application/xml";
|
||||
public static final String APPLICATION_OCTET_STREAM = "application/octet-stream";
|
||||
|
||||
public MediaType(String name) {}
|
||||
|
||||
public String getName() { return null; }
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http;
|
||||
|
||||
public interface MutableHttpResponse<B> extends HttpResponse<B> {
|
||||
MutableHttpResponse<B> header(CharSequence name, CharSequence value);
|
||||
MutableHttpResponse<B> headers(java.util.Map<CharSequence, CharSequence> headers);
|
||||
MutableHttpResponse<B> contentType(MediaType mediaType);
|
||||
MutableHttpResponse<B> contentType(CharSequence mediaType);
|
||||
MutableHttpResponse<B> status(HttpStatus status);
|
||||
MutableHttpResponse<B> status(int status);
|
||||
<T> MutableHttpResponse<T> body(T body);
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface Body {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.TYPE})
|
||||
public @interface Controller {
|
||||
String value() default "/";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface CookieValue {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface CustomHttpMethod {
|
||||
String value() default "/";
|
||||
String method();
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Delete {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target(ElementType.METHOD)
|
||||
public @interface Error {
|
||||
Class<? extends Throwable> exception() default Throwable.class;
|
||||
boolean global() default false;
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Get {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Head {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface Header {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Options {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface Part {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Patch {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface PathVariable {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Post {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Put {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface QueryValue {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.PARAMETER})
|
||||
public @interface RequestAttribute {
|
||||
String value() default "";
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.ElementType;
|
||||
import java.lang.annotation.Retention;
|
||||
import java.lang.annotation.RetentionPolicy;
|
||||
import java.lang.annotation.Target;
|
||||
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target(ElementType.PARAMETER)
|
||||
public @interface RequestBean {
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface Trace {
|
||||
String value() default "/";
|
||||
String uri() default "/";
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
package io.micronaut.http.client;
|
||||
|
||||
import io.micronaut.http.HttpRequest;
|
||||
import io.micronaut.http.HttpResponse;
|
||||
|
||||
public interface BlockingHttpClient {
|
||||
<I, O> HttpResponse<O> exchange(HttpRequest<I> request, Class<O> bodyType);
|
||||
<I, O> HttpResponse<O> exchange(HttpRequest<I> request);
|
||||
String retrieve(String uri);
|
||||
<O> O retrieve(String uri, Class<O> bodyType);
|
||||
String exchange(String uri);
|
||||
<O> HttpResponse<O> exchange(String uri, Class<O> bodyType);
|
||||
}
|
||||
@@ -1,5 +0,0 @@
|
||||
package io.micronaut.http.client;
|
||||
|
||||
public interface HttpClient {
|
||||
BlockingHttpClient toBlocking();
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.cookie;
|
||||
|
||||
public interface Cookie {
|
||||
String getName();
|
||||
String getValue();
|
||||
String getDomain();
|
||||
String getPath();
|
||||
boolean isHttpOnly();
|
||||
boolean isSecure();
|
||||
long getMaxAge();
|
||||
}
|
||||
@@ -1,11 +0,0 @@
|
||||
package io.micronaut.http.cookie;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
public interface Cookies {
|
||||
Set<Cookie> getAll();
|
||||
Optional<Cookie> findCookie(CharSequence name);
|
||||
Cookie get(CharSequence name);
|
||||
}
|
||||
@@ -1,14 +0,0 @@
|
||||
package io.micronaut.http.multipart;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.util.Optional;
|
||||
import io.micronaut.http.MediaType;
|
||||
|
||||
public interface CompletedFileUpload {
|
||||
String getFilename();
|
||||
byte[] getBytes() throws IOException;
|
||||
InputStream getInputStream() throws IOException;
|
||||
long getSize();
|
||||
Optional<MediaType> getContentType();
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
package io.micronaut.http.uri;
|
||||
|
||||
import java.net.URI;
|
||||
|
||||
public interface UriBuilder {
|
||||
static UriBuilder of(CharSequence uri) { return null; }
|
||||
static UriBuilder of(URI uri) { return null; }
|
||||
UriBuilder host(String host);
|
||||
UriBuilder path(String path);
|
||||
UriBuilder queryParam(String name, Object... values);
|
||||
UriBuilder fragment(String fragment);
|
||||
URI build();
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.security.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD, ElementType.TYPE})
|
||||
public @interface Secured {
|
||||
String[] value();
|
||||
}
|
||||
@@ -1,13 +0,0 @@
|
||||
package io.micronaut.websocket;
|
||||
|
||||
import java.util.Optional;
|
||||
import java.util.Set;
|
||||
|
||||
public interface WebSocketSession {
|
||||
String getId();
|
||||
Set<? extends WebSocketSession> getOpenSessions();
|
||||
Optional<String> getCurrentRequest();
|
||||
boolean isOpen();
|
||||
boolean isSecure();
|
||||
void close();
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
package io.micronaut.websocket.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface OnClose {
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
package io.micronaut.websocket.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface OnMessage {
|
||||
}
|
||||
@@ -1,9 +0,0 @@
|
||||
package io.micronaut.websocket.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.METHOD})
|
||||
public @interface OnOpen {
|
||||
}
|
||||
@@ -1,10 +0,0 @@
|
||||
package io.micronaut.websocket.annotation;
|
||||
|
||||
import java.lang.annotation.*;
|
||||
|
||||
@Documented
|
||||
@Retention(RetentionPolicy.RUNTIME)
|
||||
@Target({ElementType.TYPE})
|
||||
public @interface ServerWebSocket {
|
||||
String value() default "/";
|
||||
}
|
||||