Skip to content

Commit 3f9701c

Browse files
atorralbaatorralba
committed
Two fixes:
* Consider that the @webservice annotation (et al) can be in a supertype or interface * getARemoteMethod should only return public methods, since protected, package-private, and private methods are not exposed
1 parent 43b9199 commit 3f9701c

File tree

2 files changed

+20
-19
lines changed

2 files changed

+20
-19
lines changed

java/ql/lib/semmle/code/java/frameworks/JaxWS.qll

Lines changed: 2 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -25,7 +25,7 @@ string getAJaxRsPackage(string subpackage) { result = getAJaxRsPackage() + "." +
2525
*/
2626
class JaxWsEndpoint extends Class {
2727
JaxWsEndpoint() {
28-
exists(AnnotationType a | a = this.getAnAnnotation().getType() |
28+
exists(AnnotationType a | a = this.getAnAncestor().getAnAnnotation().getType() |
2929
a.hasName(["WebService", "WebServiceProvider", "WebServiceClient"])
3030
)
3131
}
@@ -37,6 +37,7 @@ class JaxWsEndpoint extends Class {
3737
*/
3838
Method getARemoteMethod() {
3939
result = this.getACallable() and
40+
result.isPublic() and
4041
not result instanceof InitializerMethod and
4142
not exists(Annotation a | a = result.getAnAnnotation() |
4243
a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and

java/ql/test/library-tests/frameworks/JaxWs/JaxWsEndpoint.java

Lines changed: 18 additions & 18 deletions
Original file line numberDiff line numberDiff line change
@@ -11,27 +11,27 @@
1111
class WebServiceClass { // $ JaxWsEndpoint
1212

1313
@WebMethod
14-
void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
14+
public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
1515
}
1616

1717
@WebEndpoint
18-
void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
18+
public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
1919
}
2020

21-
String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
21+
public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
2222
return null;
2323
}
2424

25-
String unacceptableParamType(File param) { // not an endpoint
25+
public String unacceptableParamType(File param) { // not an endpoint
2626
return null;
2727
}
2828

29-
File unacceptableReturnType() { // not an endpoint
29+
public File unacceptableReturnType() { // not an endpoint
3030
return null;
3131
}
3232

3333
@XmlJavaTypeAdapter
34-
File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
34+
public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
3535
return null;
3636
}
3737
}
@@ -41,27 +41,27 @@ File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMe
4141
class WebServiceProviderClass { // $ JaxWsEndpoint
4242

4343
@WebMethod
44-
void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
44+
public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
4545
}
4646

4747
@WebEndpoint
48-
void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
48+
public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
4949
}
5050

51-
String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
51+
public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
5252
return null;
5353
}
5454

55-
String unacceptableParamType(File param) { // not an endpoint
55+
public String unacceptableParamType(File param) { // not an endpoint
5656
return null;
5757
}
5858

59-
File unacceptableReturnType() { // not an endpoint
59+
public File unacceptableReturnType() { // not an endpoint
6060
return null;
6161
}
6262

6363
@XmlJavaTypeAdapter
64-
File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
64+
public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
6565
return null;
6666
}
6767
}
@@ -71,27 +71,27 @@ File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMe
7171
class WebServiceClientClass { // $ JaxWsEndpoint
7272

7373
@WebMethod
74-
void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
74+
public void WebMethodMethod() { // $ JaxWsEndpointRemoteMethod
7575
}
7676

7777
@WebEndpoint
78-
void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
78+
public void WebEndpointMethod() { // $ JaxWsEndpointRemoteMethod
7979
}
8080

81-
String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
81+
public String acceptableTypes(String param) { // $ JaxWsEndpointRemoteMethod
8282
return null;
8383
}
8484

85-
String unacceptableParamType(File param) { // not an endpoint
85+
public String unacceptableParamType(File param) { // not an endpoint
8686
return null;
8787
}
8888

89-
File unacceptableReturnType() { // not an endpoint
89+
public File unacceptableReturnType() { // not an endpoint
9090
return null;
9191
}
9292

9393
@XmlJavaTypeAdapter
94-
File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
94+
public File annotatedTypes(@XmlJavaTypeAdapter File param) { // $ JaxWsEndpointRemoteMethod
9595
return null;
9696
}
9797

0 commit comments

Comments
 (0)