search

github / codeql

CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
https://codeql.github.com
MIT License
7.71k stars 1.55k forks source link

I cant find the java.naming.xxx class in codeql #2954

Open ox1234 opened 4 years ago

ox1234 commented 4 years ago

here is my code, i want to get the javax.naming.xxx classes, such as InitialContext

from Class asdf, string pack
where pack = asdf.getQualifiedName() and exists(pack.indexOf("javax.naming"))
select pack,asdf

but after run, only four result image

aschackmull commented 4 years ago

Are you using InitialContext in your code? Otherwise it likely won't be part of the database.

ox1234 commented 4 years ago

I also find that InitialContext is not in my code, but I want to analyze the whole jdk classes and the source code classes, and some jdk classes are not used in the source, is it possible?

ox1234 commented 4 years ago

Are you using InitialContext in your code? Otherwise it likely won't be part of the database.

In fact, I want to do some vulnerability research, I need to search the entire jdk classes, not only the source code used classes

aschackmull commented 4 years ago

In that case you'll want a database of the jdk itself. Let me see if I can find that for you.

aschackmull commented 4 years ago

Still working on this. The problem is that our old infrastructure for making such databases available is currently being decommissioned, and the new infrastructure is in the process of being set up but still pending an approval from legal.