Open daniel-beck opened 2 months ago
Methods matching the Stapler doWhatever web method naming convention, but lacking Stapler-related return type, arguments, or annotations are incorrectly (since 2.154) identified as web methods.
doWhatever
See e.g. https://github.com/jenkinsci/dependency-track-plugin/blob/55aec7ea2fd2efa0935b69a033d450e364225d08/src/main/java/org/jenkinsci/plugins/DependencyTrack/ApiClient.java#L452
void doWhatever() and similar signatures are not identified as web methods.
void doWhatever()
void doWhatever() and similar signatures are identified as web methods.
Previously known but unaddressed per https://github.com/jenkins-infra/jenkins-codeql/blob/a28fe5f2a3874e98d6df6ee64f25e58ef61dd679/lib/stapler/WebMethod.qll#L7
Reproduction steps
Methods matching the Stapler
doWhateverweb method naming convention, but lacking Stapler-related return type, arguments, or annotations are incorrectly (since 2.154) identified as web methods.See e.g. https://github.com/jenkinsci/dependency-track-plugin/blob/55aec7ea2fd2efa0935b69a033d450e364225d08/src/main/java/org/jenkinsci/plugins/DependencyTrack/ApiClient.java#L452
Expected Results
void doWhatever()and similar signatures are not identified as web methods.Actual Results
void doWhatever()and similar signatures are identified as web methods.Anything else?
Previously known but unaddressed per https://github.com/jenkins-infra/jenkins-codeql/blob/a28fe5f2a3874e98d6df6ee64f25e58ef61dd679/lib/stapler/WebMethod.qll#L7