github
diff --git a/‎java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll‎
Lines changed: 1 addition & 1 deletion b/‎java/ql/src/semmle/code/java/frameworks/ApacheHttp.qll‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/test/library-tests/frameworks/apache-http/A.java‎
Lines changed: 41 additions & 0 deletions b/‎java/ql/test/library-tests/frameworks/apache-http/A.java‎
Lines changed: 41 additions & 0 deletions
diff --git a/‎java/ql/test/library-tests/frameworks/apache-http/flow.expected‎
Lines changed: 23 additions & 0 deletions b/‎java/ql/test/library-tests/frameworks/apache-http/flow.expected‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎java/ql/test/library-tests/frameworks/apache-http/flow.ql‎
Lines changed: 24 additions & 0 deletions b/‎java/ql/test/library-tests/frameworks/apache-http/flow.ql‎
Lines changed: 24 additions & 0 deletions
diff --git a/‎java/ql/test/library-tests/frameworks/apache-http/options‎
Lines changed: 1 addition & 0 deletions b/‎java/ql/test/library-tests/frameworks/apache-http/options‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/Header.java‎
Lines changed: 10 additions & 27 deletions b/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/Header.java‎
Lines changed: 10 additions & 27 deletions
diff --git a/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/HttpResponse.java‎
Lines changed: 55 additions & 0 deletions b/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/HttpResponse.java‎
Lines changed: 55 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/entity/AbstractHttpEntity.java‎
Lines changed: 74 additions & 0 deletions b/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/entity/AbstractHttpEntity.java‎
Lines changed: 74 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/entity/ByteArrayEntity.java‎
Lines changed: 78 additions & 0 deletions b/‎java/ql/test/stubs/apache-http-4.4.13/org/apache/http/entity/ByteArrayEntity.java‎
Lines changed: 78 additions & 0 deletions
@@ -137,7 +137,7 @@ private class UtilMethod extends TaintPreservingCallable {
       this.hasName(mtd)
     |
       ty = "EntityUtils" and
-      mtd = ["toString", "toByteArray"]
+      mtd = ["toString", "toByteArray", "getContentCharSet", "getContentMimeType"]
       or
       ty = "EncodingUtils" and
       mtd = ["getAsciiBytes", "getAsciiString", "getBytes", "getString"]
 
@@ -0,0 +1,41 @@
+import org.apache.http.*;
+import org.apache.http.protocol.*;
+import org.apache.http.util.*;
+import org.apache.http.entity.*;
+
+class A {
+    static Object taint() { return null; }
+
+    static void sink(Object o) { }
+
+    class Test1 implements HttpRequestHandler {
+        public void handle(HttpRequest req, HttpResponse res, HttpContext ctx) {
+            A.sink(req.getRequestLine());
+            A.sink(req.getRequestLine().getUri());
+            A.sink(req.getRequestLine().getMethod());
+            A.sink(req.getAllHeaders());
+            HeaderIterator it = req.headerIterator();
+            A.sink(it.next());
+            A.sink(it.nextHeader());
+            Header h = req.getHeaders("abc")[3];
+            A.sink(h.getName());
+            A.sink(h.getValue());
+            HeaderElement el = h.getElements()[0];
+            A.sink(el.getName());
+            A.sink(el.getValue());
+            A.sink(el.getParameters());
+            A.sink(el.getParameterByName("abc").getValue());
+            A.sink(el.getParameter(0).getName());
+            HttpEntity ent = ((HttpEntityEnclosingRequest)req).getEntity();
+            A.sink(ent.getContent());
+            A.sink(ent.getContentEncoding());
+            A.sink(ent.getContentType());
+            A.sink(EntityUtils.toString(ent));
+            A.sink(EntityUtils.toByteArray(ent));
+            A.sink(EntityUtils.getContentCharSet(ent));
+            A.sink(EntityUtils.getContentMimeType(ent));
+            res.setEntity(new StringEntity("<a href='" + req.getRequestLine().getUri() + "'>a</a>"));
+            EntityUtils.updateEntity(res, new ByteArrayEntity(EntityUtils.toByteArray(ent)));
+        }
+    }
+}
@@ -0,0 +1,23 @@
+| A.java:12:28:12:42 | req | A.java:13:20:13:39 | getRequestLine(...) |
+| A.java:12:28:12:42 | req | A.java:14:20:14:48 | getUri(...) |
+| A.java:12:28:12:42 | req | A.java:15:20:15:51 | getMethod(...) |
+| A.java:12:28:12:42 | req | A.java:16:20:16:38 | getAllHeaders(...) |
+| A.java:12:28:12:42 | req | A.java:18:20:18:28 | next(...) |
+| A.java:12:28:12:42 | req | A.java:19:20:19:34 | nextHeader(...) |
+| A.java:12:28:12:42 | req | A.java:21:20:21:30 | getName(...) |
+| A.java:12:28:12:42 | req | A.java:22:20:22:31 | getValue(...) |
+| A.java:12:28:12:42 | req | A.java:24:20:24:31 | getName(...) |
+| A.java:12:28:12:42 | req | A.java:25:20:25:32 | getValue(...) |
+| A.java:12:28:12:42 | req | A.java:26:20:26:37 | getParameters(...) |
+| A.java:12:28:12:42 | req | A.java:27:20:27:58 | getValue(...) |
+| A.java:12:28:12:42 | req | A.java:28:20:28:47 | getName(...) |
+| A.java:12:28:12:42 | req | A.java:30:20:30:35 | getContent(...) |
+| A.java:12:28:12:42 | req | A.java:31:20:31:43 | getContentEncoding(...) |
+| A.java:12:28:12:42 | req | A.java:32:20:32:39 | getContentType(...) |
+| A.java:12:28:12:42 | req | A.java:33:20:33:44 | toString(...) |
+| A.java:12:28:12:42 | req | A.java:34:20:34:47 | toByteArray(...) |
+| A.java:12:28:12:42 | req | A.java:35:20:35:53 | getContentCharSet(...) |
+| A.java:12:28:12:42 | req | A.java:36:20:36:54 | getContentMimeType(...) |
+| A.java:12:28:12:42 | req | A.java:37:27:37:99 | new StringEntity(...) |
+| A.java:12:28:12:42 | req | A.java:38:43:38:91 | new ByteArrayEntity(...) |
+| A.java:30:20:30:35 | getContent(...) | A.java:30:20:30:35 | getContent(...) |
@@ -0,0 +1,24 @@
+import java
+import semmle.code.java.dataflow.TaintTracking
+import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.security.XSS
+
+class Conf extends TaintTracking::Configuration {
+  Conf() { this = "qltest:frameworks:apache-http" }
+
+  override predicate isSource(DataFlow::Node n) {
+    n.asExpr().(MethodAccess).getMethod().hasName("taint")
+    or
+    n instanceof RemoteFlowSource
+  }
+
+  override predicate isSink(DataFlow::Node n) {
+    exists(MethodAccess ma | ma.getMethod().hasName("sink") | n.asExpr() = ma.getAnArgument())
+    or
+    n instanceof XssSink
+  }
+}
+
+from DataFlow::Node src, DataFlow::Node sink, Conf conf
+where conf.hasFlow(src, sink)
+select src, sink
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13
@@ -1,8 +1,4 @@
 /*
- * $HeadURL: http://svn.apache.org/repos/asf/httpcomponents/httpcore/trunk/module-main/src/main/java/org/apache/http/Header.java $
- * $Revision: 569636 $
- * $Date: 2007-08-25 00:34:47 -0700 (Sat, 25 Aug 2007) $
- *
  * ====================================================================
  * Licensed to the Apache Software Foundation (ASF) under one
  * or more contributor license agreements.  See the NOTICE file
@@ -33,38 +29,25 @@
 
 /**
  * Represents an HTTP header field.
- * 
- * <p>
- * The HTTP header fields follow the same generic format as that given in
- * Section 3.1 of RFC 822. Each header field consists of a name followed by a
- * colon (":") and the field value. Field names are case-insensitive. The field
- * value MAY be preceded by any amount of LWS, though a single SP is preferred.
  *
- * <pre>
+ * <p>The HTTP header fields follow the same generic format as
+ * that given in Section 3.1 of RFC 822. Each header field consists
+ * of a name followed by a colon (":") and the field value. Field names
+ * are case-insensitive. The field value MAY be preceded by any amount
+ * of LWS, though a single SP is preferred.
+ *
+ *<pre>
  *     message-header = field-name ":" [ field-value ]
  *     field-name     = token
  *     field-value    = *( field-content | LWS )
  *     field-content  = &lt;the OCTETs making up the field-value
  *                      and consisting of either *TEXT or combinations
  *                      of token, separators, and quoted-string&gt;
- * </pre>
- * 
- * @author <a href="mailto:[email protected]">Remy Maucherat</a>
- * @author <a href="mailto:oleg at ural.ru">Oleg Kalnichevski</a>
- * @version $Revision: 569636 $
+ *</pre>
  *
- * @deprecated Please use {@link java.net.URL#openConnection} instead. Please
- *             visit <a href=
- *             "http://android-developers.blogspot.com/2011/09/androids-http-clients.html">this
- *             webpage</a> for further details.
+ * @since 4.0
  */
-@Deprecated
-public interface Header {
-
-    String getName();
-
-    String getValue();
-
+public interface Header extends NameValuePair {
     HeaderElement[] getElements() throws ParseException;
 
 }
@@ -0,0 +1,55 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http;
+
+import java.util.Locale;
+
+public interface HttpResponse extends HttpMessage {
+    // StatusLine getStatusLine();
+
+    // void setStatusLine(StatusLine statusline);
+
+    // void setStatusLine(ProtocolVersion ver, int code);
+
+    // void setStatusLine(ProtocolVersion ver, int code, String reason);
+
+    void setStatusCode(int code)
+        throws IllegalStateException;
+
+    void setReasonPhrase(String reason)
+        throws IllegalStateException;
+
+    HttpEntity getEntity();
+
+    void setEntity(HttpEntity entity);
+
+    Locale getLocale();
+
+    void setLocale(Locale loc);
+
+}
@@ -0,0 +1,74 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.entity;
+
+import java.io.IOException;
+import org.apache.http.HttpEntity;
+import org.apache.http.Header;
+
+public abstract class AbstractHttpEntity implements HttpEntity {
+    @Override
+    public Header getContentType() {
+      return null;
+    }
+
+    @Override
+    public Header getContentEncoding() {
+      return null;
+    }
+
+    @Override
+    public boolean isChunked() {
+      return false;
+    }
+
+    public void setContentType(final Header contentType) {
+    }
+
+    public void setContentType(final String ctString) {
+    }
+
+    public void setContentEncoding(final Header contentEncoding) {
+    }
+
+    public void setContentEncoding(final String ceString) {
+    }
+
+    public void setChunked(final boolean b) {
+    }
+
+    @Override
+    public void consumeContent() throws IOException {
+    }
+
+    @Override
+    public String toString() {
+      return null;
+    }
+
+}
@@ -0,0 +1,78 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.http.entity;
+
+import java.io.ByteArrayInputStream;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+
+
+public class ByteArrayEntity extends AbstractHttpEntity implements Cloneable {
+    public ByteArrayEntity(final byte[] b, final ContentType contentType) {
+    }
+
+    public ByteArrayEntity(final byte[] b, final int off, final int len, final ContentType contentType) {
+    }
+
+    public ByteArrayEntity(final byte[] b) {
+    }
+
+    public ByteArrayEntity(final byte[] b, final int off, final int len) {
+    }
+
+    @Override
+    public boolean isRepeatable() {
+      return false;
+    }
+
+    @Override
+    public long getContentLength() {
+      return 0;
+    }
+
+    @Override
+    public InputStream getContent() {
+      return null;
+    }
+
+    @Override
+    public void writeTo(final OutputStream outStream) throws IOException {
+    }
+
+    @Override
+    public boolean isStreaming() {
+      return false;
+    }
+
+    @Override
+    public Object clone() throws CloneNotSupportedException {
+      return null;
+    }
+
+}
Original file line number	Diff line number	Diff line change
`@@ -137,7 +137,7 @@ private class UtilMethod extends TaintPreservingCallable {`
`137`	`137`	`this.hasName(mtd)`
`138`	`138`	`\|`
`139`	`139`	`ty = "EntityUtils" and`
`140`		`- mtd = ["toString", "toByteArray"]`
	`140`	`+ mtd = ["toString", "toByteArray", "getContentCharSet", "getContentMimeType"]`
`141`	`141`	`or`
`142`	`142`	`ty = "EncodingUtils" and`
`143`	`143`	`mtd = ["getAsciiBytes", "getAsciiString", "getBytes", "getString"]`
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-http-4.4.13`