Make the test runnable via codeql test run

Author: ggolawski

java/ql/src/experimental/qlpack.yml

@@ -0,0 +1,3 @@
+name: codeql-java-experimental
+version: 0.0.0
+libraryPathDependencies: codeql-java

java/ql/test/experimental/qlpack.yml

@@ -0,0 +1,4 @@
+name: codeql-java-experimental-tests
+version: 0.0.0
+libraryPathDependencies: codeql-java-experimental
+extractor: java

java/ql/test/experimental/query-tests/security/CWE-016/SpringBootActuators.expected

@@ -0,0 +1,7 @@
+| SpringBootActuators.java:6:88:6:120 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:10:5:10:137 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:14:5:14:149 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:18:5:18:101 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:22:5:22:89 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:26:40:26:108 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |
+| SpringBootActuators.java:30:5:30:113 | permitAll(...) | Unauthenticated access to Spring Boot actuator is allowed. |

java/ql/test/experimental/query-tests/security/CWE-016/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/beans/factory/BeanFactory.java

@@ -0,0 +1,3 @@
+package org.springframework.beans.factory;
+
+public interface BeanFactory {}

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/beans/factory/HierarchicalBeanFactory.java

@@ -0,0 +1,3 @@
+package org.springframework.beans.factory;
+
+public interface HierarchicalBeanFactory extends BeanFactory {}

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/beans/factory/ListableBeanFactory.java

@@ -0,0 +1,3 @@
+package org.springframework.beans.factory;
+
+public interface ListableBeanFactory extends BeanFactory {}

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/boot/actuate/autoconfigure/security/servlet/EndpointRequest.java

@@ -0,0 +1,15 @@
+package org.springframework.boot.actuate.autoconfigure.security.servlet;
+
+import org.springframework.boot.security.servlet.ApplicationContextRequestMatcher;
+import org.springframework.web.context.WebApplicationContext;
+
+public final class EndpointRequest {
+	public static EndpointRequestMatcher toAnyEndpoint() {
+		return null;
+  }
+  
+  public static final class EndpointRequestMatcher extends AbstractRequestMatcher {}
+
+  private abstract static class AbstractRequestMatcher
+			extends ApplicationContextRequestMatcher<WebApplicationContext> {}
+}

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/boot/security/servlet/ApplicationContextRequestMatcher.java

@@ -0,0 +1,5 @@
+package org.springframework.boot.security.servlet;
+
+import org.springframework.security.web.util.matcher.RequestMatcher;
+
+public abstract class ApplicationContextRequestMatcher<C> implements RequestMatcher {}

java/ql/test/experimental/stubs/springframework-5.2.3/org/springframework/context/ApplicationContext.java

@@ -0,0 +1,9 @@
+package org.springframework.context;
+
+import org.springframework.beans.factory.HierarchicalBeanFactory;
+import org.springframework.beans.factory.ListableBeanFactory;
+import org.springframework.core.env.EnvironmentCapable;
+import org.springframework.core.io.support.ResourcePatternResolver;
+
+public interface ApplicationContext extends EnvironmentCapable, ListableBeanFactory, HierarchicalBeanFactory,
+		MessageSource, ApplicationEventPublisher, ResourcePatternResolver {}