Taint Sources for CodeSonar Java Warning Classes

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

Java

Taint Tracking for CodeSonar Java Warning Classes

Taint Sources for CodeSonar Java Warning Classes

Taint sources are locations where data from an untrusted origin may enter a program. Such data can be used to construct injection attacks.

This section lists the methods that the CodeSonar Java analysis automatically recognizes as sources, and explains how to specify additional methods that the analysis should treat as sanitizers.

Overview
Specifying Additional Sources
Sources Automatically Recognized

Overview

Taint sources are locations where data from an untrusted origin may enter a progam. This tainted data can be used to construct injection attacks, unless it is subsequently sanitized.

Specifying Additional Sources

If you have a method that is a taint source but not automatically recognized, you can instruct the CodeSonar analysis to treat it as a source by annotating the appropriate piece of its signature — usually the return value, but sometimes a parameter — with one of the following.

Annotation	Notes
@com.juliasoft.julia.checkers.flows.UntrustedDatabase	Results of database queries. Taint of this kind is not tracked if JAVA_ANALYSIS_TRUST_DATABASE=Yes.
@com.juliasoft.julia.checkers.flows.UntrustedDevice	Data about the specific device where the program is running, such as its phone number, its geographical location and its IMEI code. Taint of this kind is not tracked if JAVA_ANALYSIS_TRUST_DEVICE=Yes.
@com.juliasoft.julia.checkers.flows.UntrustedEnvironment	Files from the file system, system properties and arguments to main methods. Taint of this kind is not tracked if JAVA_ANALYSIS_TRUST_ENVIRONMENT=Yes.
@com.juliasoft.julia.checkers.flows.UntrustedExternalStream	Input streams from sockets or URL are considered as source locations of untrusted data. Taint of this kind is not tracked if JAVA_ANALYSIS_TRUST_EXTERNAL_STREAMS=Yes.
@com.juliasoft.julia.checkers.flows.UntrustedUserInput	Request objects to servlets and input read from console are considered as source locations of untrusted data. Taint of this kind is not tracked if JAVA_ANALYSIS_TRUST_USER_INPUT=Yes.
@javax.ws.rs.PathParam	[Annotated parameters only] parameters with this annotation are treated the same as those annotated with @UntrustedUserInput
@org.springframework.web.bind.annotation.RequestMapping	[Annotated methods only] parameters of methods with this annotation are treated as tainted if at least one of the following is true. Parameter type is javax.servlet.http.HttpServletRequest. Parameter is annotated as @org.springframework.web.bind.annotation.RequestParam. Parameter is annotated as @org.springframework.web.bind.annotation.PathVariable.

Sources Automatically Recognized

The methods listed below are automatically recognized as taint sources by CodeSonar. The relevant annotation from the table above is shown for each method.

androidAPI1
androidAPI17
androidAPI23
androidAPI24
java1
java2
java5
java6
java7
java8
java9
java11

androidAPI1

@UntrustedDevice Location android.location.LocationManager.getLastKnownLocation(String arg0)
@UntrustedDevice String android.location.LocationProvider.getName()
@UntrustedEnvironment String android.os.SystemProperties.get(String arg0, String arg1)
@UntrustedEnvironment String android.os.SystemProperties.get(String arg0)
@UntrustedDevice CellLocation android.telephony.TelephonyManager.getCellLocation()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceSoftwareVersion()
@UntrustedDevice String android.telephony.TelephonyManager.getLine1Number()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperatorName()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneType()
@UntrustedDevice String android.telephony.TelephonyManager.getSimCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperatorName()
@UntrustedDevice String android.telephony.TelephonyManager.getSimSerialNumber()
@UntrustedDevice String android.telephony.TelephonyManager.getVoiceMailNumber()
@UntrustedUserInput Editable android.widget.EditText.getText()
void com.openxc.VehicleLocationProvider.receive(@UntrustedDevice Measurement arg0)
void com.openxc.VehicleManager.Listener.receive(@UntrustedDevice VehicleMessage arg0)
@UntrustedDevice VehicleMessage com.openxc.VehicleManager.get(MessageKey arg0)
@UntrustedDevice Measurement com.openxc.VehicleManager.get(Class arg0)
@UntrustedDevice String com.openxc.VehicleManager.getVehicleInterfaceDeviceId()
@UntrustedDevice String com.openxc.VehicleManager.getVehicleInterfacePlatform()
@UntrustedDevice String com.openxc.VehicleManager.getVehicleInterfaceVersion()
@UntrustedDevice VehicleMessage com.openxc.VehicleManager.request(KeyedMessage arg0)
void com.openxc.measurements.Measurement.Listener.receive(@UntrustedDevice Measurement arg0)
void com.openxc.messages.VehicleMessage.Listener.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.AbstractQueuedCallbackSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.ContextualVehicleDataSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.FileRecorderSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.MessageListenerSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.RemoteCallbackSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.TestSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.UploaderSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.UserSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sinks.VehicleDataSink.receive(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.ApplicationSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.BaseVehicleDataSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.BytestreamDataSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.ContextualVehicleDataSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.NativeLocationSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.RemoteListenerSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.SourceCallback.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.TestSource.handleMessage(@UntrustedDevice VehicleMessage arg0)
void com.openxc.sources.VehicleDataSource.handleMessage(@UntrustedDevice VehicleMessage arg0)

androidAPI17

@UntrustedDevice List android.telephony.TelephonyManager.getAllCellInfo()
@UntrustedDevice CellLocation android.telephony.TelephonyManager.getCellLocation()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceSoftwareVersion()
@UntrustedDevice String android.telephony.TelephonyManager.getLine1Number()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperatorName()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneType()
@UntrustedDevice String android.telephony.TelephonyManager.getSimCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperatorName()
@UntrustedDevice String android.telephony.TelephonyManager.getSimSerialNumber()
@UntrustedDevice String android.telephony.TelephonyManager.getVoiceMailNumber()

androidAPI23

@UntrustedDevice List android.telephony.TelephonyManager.getAllCellInfo()
@UntrustedDevice CellLocation android.telephony.TelephonyManager.getCellLocation()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId(int arg0)
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceSoftwareVersion()
@UntrustedDevice String android.telephony.TelephonyManager.getLine1Number()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperatorName()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneCount()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneType()
@UntrustedDevice String android.telephony.TelephonyManager.getSimCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperatorName()
@UntrustedDevice String android.telephony.TelephonyManager.getSimSerialNumber()
@UntrustedDevice String android.telephony.TelephonyManager.getVoiceMailNumber()

androidAPI24

@UntrustedDevice List android.telephony.TelephonyManager.getAllCellInfo()
@UntrustedDevice CellLocation android.telephony.TelephonyManager.getCellLocation()
@UntrustedDevice int android.telephony.TelephonyManager.getDataNetworkType()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId(int arg0)
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceId()
@UntrustedDevice String android.telephony.TelephonyManager.getDeviceSoftwareVersion()
@UntrustedDevice String android.telephony.TelephonyManager.getLine1Number()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getNetworkOperatorName()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneCount()
@UntrustedDevice int android.telephony.TelephonyManager.getPhoneType()
@UntrustedDevice String android.telephony.TelephonyManager.getSimCountryIso()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperator()
@UntrustedDevice String android.telephony.TelephonyManager.getSimOperatorName()
@UntrustedDevice String android.telephony.TelephonyManager.getSimSerialNumber()
@UntrustedDevice String android.telephony.TelephonyManager.getVoiceMailNumber()
@UntrustedDevice int android.telephony.TelephonyManager.getVoiceNetworkType()

java1

@UntrustedEnvironment String java.io.BufferedReader.readLine()
@UntrustedEnvironment String java.lang.System.getProperty(String arg0)
@UntrustedEnvironment Map java.lang.System.getenv()
@UntrustedEnvironment String java.lang.System.getenv(String arg0)
@UntrustedExternalStream InputStream java.net.Socket.getInputStream()
@UntrustedExternalStream URLConnection java.net.URL.openConnection()
@UntrustedExternalStream URLConnection java.net.URL.openConnection(Proxy arg0)
@UntrustedExternalStream InputStream java.net.URL.openStream()
@UntrustedDatabase ResultSet java.sql.PreparedStatement.executeQuery()
@UntrustedDatabase ResultSet java.sql.Statement.executeQuery(String arg0)
@UntrustedEnvironment String java.util.Properties.getProperty(String arg0)
@UntrustedEnvironment String java.util.Properties.getProperty(String arg0, String arg1)
@UntrustedEnvironment void java.util.Properties.load(Reader arg0)
@UntrustedEnvironment String javax.servlet.GenericServlet.getInitParameter(String arg0)
@UntrustedEnvironment Enumeration javax.servlet.GenericServlet.getInitParameterNames()
void javax.servlet.GenericServlet.service(@UntrustedUserInput ServletRequest arg0, ServletResponse arg1)
@UntrustedEnvironment String javax.servlet.ServletConfig.getInitParameter(String arg0)
@UntrustedEnvironment Enumeration javax.servlet.ServletConfig.getInitParameterNames()
@UntrustedUserInput Object javax.servlet.ServletRequest.getAttribute(String arg0)
@UntrustedUserInput Enumeration javax.servlet.ServletRequest.getAttributeNames()
@UntrustedUserInput ServletInputStream javax.servlet.ServletRequest.getInputStream()
@UntrustedUserInput String javax.servlet.ServletRequest.getParameter(String arg0)
@UntrustedUserInput Map javax.servlet.ServletRequest.getParameterMap()
@UntrustedUserInput Enumeration javax.servlet.ServletRequest.getParameterNames()
@UntrustedUserInput String[] javax.servlet.ServletRequest.getParameterValues(String arg0)
@UntrustedUserInput BufferedReader javax.servlet.ServletRequest.getReader()
@UntrustedUserInput String javax.servlet.ServletRequest.getRemoteAddr()
@UntrustedUserInput String javax.servlet.ServletRequest.getRemoteHost()
@UntrustedUserInput Object javax.servlet.ServletRequestWrapper.getAttribute(String arg0)
@UntrustedUserInput Enumeration javax.servlet.ServletRequestWrapper.getAttributeNames()
@UntrustedUserInput ServletInputStream javax.servlet.ServletRequestWrapper.getInputStream()
@UntrustedUserInput String javax.servlet.ServletRequestWrapper.getParameter(String arg0)
@UntrustedUserInput Map javax.servlet.ServletRequestWrapper.getParameterMap()
@UntrustedUserInput Enumeration javax.servlet.ServletRequestWrapper.getParameterNames()
@UntrustedUserInput String[] javax.servlet.ServletRequestWrapper.getParameterValues(String arg0)
@UntrustedUserInput BufferedReader javax.servlet.ServletRequestWrapper.getReader()
@UntrustedUserInput String javax.servlet.ServletRequestWrapper.getRemoteAddr()
@UntrustedUserInput String javax.servlet.ServletRequestWrapper.getRemoteHost()
void javax.servlet.http.HttpServlet.doDelete(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doGet(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doHead(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doOptions(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doPost(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doPut(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.doTrace(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
@UntrustedEnvironment String javax.servlet.http.HttpServlet.getInitParameter(String arg0)
@UntrustedEnvironment Enumeration javax.servlet.http.HttpServlet.getInitParameterNames()
void javax.servlet.http.HttpServlet.service(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void javax.servlet.http.HttpServlet.service(@UntrustedUserInput ServletRequest arg0, ServletResponse arg1)
@UntrustedUserInput Object javax.servlet.http.HttpServletRequest.getAttribute(String arg0)
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequest.getAttributeNames()
@UntrustedUserInput Cookie[] javax.servlet.http.HttpServletRequest.getCookies()
@UntrustedUserInput long javax.servlet.http.HttpServletRequest.getDateHeader(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getHeader(String arg0)
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequest.getHeaderNames()
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequest.getHeaders(String arg0)
@UntrustedUserInput ServletInputStream javax.servlet.http.HttpServletRequest.getInputStream()
@UntrustedUserInput int javax.servlet.http.HttpServletRequest.getIntHeader(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getParameter(String arg0)
@UntrustedUserInput Map javax.servlet.http.HttpServletRequest.getParameterMap()
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequest.getParameterNames()
@UntrustedUserInput String[] javax.servlet.http.HttpServletRequest.getParameterValues(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getQueryString()
@UntrustedUserInput BufferedReader javax.servlet.http.HttpServletRequest.getReader()
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getRemoteAddr()
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getRemoteHost()
@UntrustedUserInput String javax.servlet.http.HttpServletRequest.getRemoteUser()
@UntrustedUserInput HttpSession javax.servlet.http.HttpServletRequest.getSession()
@UntrustedUserInput HttpSession javax.servlet.http.HttpServletRequest.getSession(boolean arg0)
@UntrustedUserInput Object javax.servlet.http.HttpServletRequestWrapper.getAttribute(String arg0)
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequestWrapper.getAttributeNames()
@UntrustedUserInput Cookie[] javax.servlet.http.HttpServletRequestWrapper.getCookies()
@UntrustedUserInput long javax.servlet.http.HttpServletRequestWrapper.getDateHeader(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getHeader(String arg0)
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequestWrapper.getHeaderNames()
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequestWrapper.getHeaders(String arg0)
@UntrustedUserInput ServletInputStream javax.servlet.http.HttpServletRequestWrapper.getInputStream()
@UntrustedUserInput int javax.servlet.http.HttpServletRequestWrapper.getIntHeader(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getParameter(String arg0)
@UntrustedUserInput Map javax.servlet.http.HttpServletRequestWrapper.getParameterMap()
@UntrustedUserInput Enumeration javax.servlet.http.HttpServletRequestWrapper.getParameterNames()
@UntrustedUserInput String[] javax.servlet.http.HttpServletRequestWrapper.getParameterValues(String arg0)
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getQueryString()
@UntrustedUserInput BufferedReader javax.servlet.http.HttpServletRequestWrapper.getReader()
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getRemoteAddr()
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getRemoteHost()
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getRemoteUser()
@UntrustedUserInput String javax.servlet.http.HttpServletRequestWrapper.getRequestURI()
@UntrustedUserInput StringBuffer javax.servlet.http.HttpServletRequestWrapper.getRequestURL()
@UntrustedUserInput HttpSession javax.servlet.http.HttpServletRequestWrapper.getSession(boolean arg0)
@UntrustedUserInput HttpSession javax.servlet.http.HttpServletRequestWrapper.getSession()
void org.apache.jasper.runtime.HttpJspBase._jspService(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doDelete(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doGet(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doHead(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doOptions(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doPost(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doPut(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.doTrace(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.service(@UntrustedUserInput ServletRequest arg0, ServletResponse arg1)
void org.apache.jasper.runtime.HttpJspBase.service(@UntrustedUserInput HttpServletRequest arg0, HttpServletResponse arg1)

java2

@UntrustedUserInput char[] java.net.PasswordAuthentication.getPassword()

java5

@UntrustedEnvironment String java.lang.ProcessEnvironment.getenv(String arg0)
@UntrustedUserInput HttpParams org.apache.http.client.HttpClient.getParams()
@UntrustedUserInput Session org.hibernate.SessionFactory.getCurrentSession()

java6

@UntrustedUserInput String java.io.Console.readLine(String arg0, Object[] arg1)
@UntrustedUserInput String java.io.Console.readLine()
@UntrustedUserInput char[] java.io.Console.readPassword(String arg0, Object[] arg1)
@UntrustedUserInput char[] java.io.Console.readPassword()

java7

@UntrustedEnvironment byte[] java.nio.file.Files.readAllBytes(Path arg0)
@UntrustedEnvironment List java.nio.file.Files.readAllLines(Path arg0, Charset arg1)

java8

@UntrustedEnvironment Stream java.nio.file.Files.lines(Path arg0)
@UntrustedEnvironment Stream java.nio.file.Files.lines(Path arg0, Charset arg1)
@UntrustedEnvironment List java.nio.file.Files.readAllLines(Path arg0)

java9

@UntrustedUserInput Optional jdk.incubator.http.HttpRequest.bodyPublisher()
@UntrustedUserInput HttpRequest jdk.incubator.http.HttpRequest.headers()
@UntrustedUserInput String jdk.incubator.http.HttpRequest.method()
@UntrustedUserInput Optional jdk.incubator.http.HttpRequest.timeout()
@UntrustedUserInput URI jdk.incubator.http.HttpRequest.uri()
@UntrustedUserInput Version jdk.incubator.http.HttpRequest.version()
@UntrustedUserInput HttpResponse jdk.incubator.http.HttpResponse.body()
@UntrustedUserInput Object jdk.incubator.http.HttpResponse.body()
@UntrustedUserInput HttpRequest jdk.incubator.http.HttpResponse.headers()
@UntrustedUserInput Cookie jdk.incubator.http.HttpResponse.request()
@UntrustedUserInput SSLParameters jdk.incubator.http.HttpResponse.sslParameters()
@UntrustedUserInput int jdk.incubator.http.HttpResponse.statusCode()
@UntrustedUserInput CompletableFuture jdk.incubator.http.HttpResponse.trailers()
@UntrustedUserInput URI jdk.incubator.http.HttpResponse.uri()
@UntrustedUserInput Version jdk.incubator.http.HttpResponse.version()

java11

@UntrustedEnvironment String java.nio.file.Files.readString(Path arg0)
@UntrustedEnvironment String java.nio.file.Files.readString(Path arg0, Charset arg1)

To report problems with this documentation, please visit https://support.codesecure.com/.