Missing @SqlEvenQuotes default annotations

[Calvin-L]

Thank you @iywang2016 for adding the SQL quotes checker (#6778)! I'm excited to use it.

I think its stub files need @SqlEvenQuotes in a few more places:

$ git clone https://github.com/typetools/jdk.git
$ egrep -rinH 'String sql\b' jdk/src/java.sql/share/classes/java 

[*] jdk/src/java.sql/share/classes/java/sql/Statement.java:71:    ResultSet executeQuery(@Untainted String sql) throws SQLException;
[*] jdk/src/java.sql/share/classes/java/sql/Statement.java:96:    int executeUpdate(@Untainted String sql) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:360:    boolean execute(@Untainted String sql) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:526:    void addBatch( @Untainted String sql ) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:760:    int executeUpdate(@Untainted String sql, int autoGeneratedKeys) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:795:    int executeUpdate(@Untainted String sql, int columnIndexes[]) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:829:    int executeUpdate(@Untainted String sql, String columnNames[]) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:882:    boolean execute(@Untainted String sql, int autoGeneratedKeys) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:931:    boolean execute(@Untainted String sql, int columnIndexes[]) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:981:    boolean execute(@Untainted String sql, String columnNames[]) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Statement.java:1237:    default long executeLargeUpdate(@Untainted String sql) throws SQLException {
jdk/src/java.sql/share/classes/java/sql/Statement.java:1284:    default long executeLargeUpdate(@Untainted String sql, int autoGeneratedKeys)
jdk/src/java.sql/share/classes/java/sql/Statement.java:1329:    default long executeLargeUpdate(@Untainted String sql, int columnIndexes[]) throws SQLException {
jdk/src/java.sql/share/classes/java/sql/Statement.java:1372:    default long executeLargeUpdate(@Untainted String sql, String columnNames[])
jdk/src/java.sql/share/classes/java/sql/Connection.java:144:    PreparedStatement prepareStatement(String sql)
jdk/src/java.sql/share/classes/java/sql/Connection.java:177:    CallableStatement prepareCall(String sql) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Connection.java:191:    String nativeSQL(String sql) throws SQLException;
jdk/src/java.sql/share/classes/java/sql/Connection.java:572:    PreparedStatement prepareStatement(String sql, int resultSetType,
jdk/src/java.sql/share/classes/java/sql/Connection.java:606:    CallableStatement prepareCall(String sql, int resultSetType,
jdk/src/java.sql/share/classes/java/sql/Connection.java:858:    PreparedStatement prepareStatement(String sql, int resultSetType,
jdk/src/java.sql/share/classes/java/sql/Connection.java:898:    CallableStatement prepareCall(String sql, int resultSetType,
jdk/src/java.sql/share/classes/java/sql/Connection.java:945:    PreparedStatement prepareStatement(String sql, int autoGeneratedKeys)
jdk/src/java.sql/share/classes/java/sql/Connection.java:993:    PreparedStatement prepareStatement(String sql, int columnIndexes[])
jdk/src/java.sql/share/classes/java/sql/Connection.java:1041:    PreparedStatement prepareStatement(String sql, String columnNames[])

The ones marked with * are already covered. There may be other places as well; these are just the ones I was able to find with grep.

For now I am working around this by writing my own stub file for java.sql.

(Related: should the ones in Connection be marked @Untainted as well? All the ones in Statement are.)

[iywang2016]

I think its stub files need @SqlEvenQuotes in a few more places:

The stub file annotations are unfortunately still far from extensive (as they're primarily derived from what we noted most commonly in our case studies) so thanks @Calvin-L for bringing this to our attention! Heightening the robustness of the annotations is always an ongoing process.

(Related: should the ones in Connection be marked @Untainted as well? All the ones in Statement are.)

That seems to be the case based off documentation, but I'm not as well-versed in the taint checker so I'll defer to the maintainers of that particular tool!