From ec1762e0154af539fed7e9386f6832a27a7eb346 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 2 Mar 2023 13:09:00 +0100 Subject: [PATCH 01/14] Update MaD Declarations after Triage --- java/ql/lib/ext/java.net.model.yml | 1 + java/ql/lib/ext/java.nio.file.model.yml | 29 +++++++++++++++++++ .../ql/lib/ext/javax.imageio.stream.model.yml | 7 +++++ java/ql/lib/ext/javax.naming.model.yml | 6 ++++ java/ql/lib/ext/javax.servlet.model.yml | 6 ++++ .../lib/ext/javax.swing.filechooser.model.yml | 7 +++++ .../ext/org.geogebra.web.full.main.model.yml | 7 +++++ .../org.springframework.web.client.model.yml | 1 + 8 files changed, 64 insertions(+) create mode 100644 java/ql/lib/ext/javax.imageio.stream.model.yml create mode 100644 java/ql/lib/ext/javax.swing.filechooser.model.yml create mode 100644 java/ql/lib/ext/org.geogebra.web.full.main.model.yml diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index b091890a98a0..49747801a726 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -24,6 +24,7 @@ extensions: extensible: summaryModel data: - ["java.net", "InetAddress", True, "getByName", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.net", "InetAddress", True, "getAllByName", "(String)", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "ai-generated"] - ["java.net", "InetSocketAddress", True, "createUnresolved", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 46d55500b5f3..68e6f7cd7964 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,6 +3,16 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["java.nio.file", "Files", True, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createDirectory", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createDirectories", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createFile", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "getLastModifiedTime", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] + - ["java.nio.file", "Files", True, "isWritable", "(Path)", "", "Argument[0]", "read-file", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] + - ["java.nio.file", "Files", True, "isDirectory", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] - ["java.nio.file", "Files", False, "copy", "", "", "Argument[0]", "read-file", "manual"] - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"] @@ -27,6 +37,25 @@ extensions: pack: codeql/java-all extensible: summaryModel data: + - ["java.nio.file", "Files", True, "newByteChannel", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newBufferedReader", "(Path)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "walk", "(Path,FileVisitOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[postVisitDirectory(Path,IOException)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newBufferedReader", "(Path,Charset)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path,Filter)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newByteChannel", "(Path,Set,FileAttribute[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/lib/ext/javax.imageio.stream.model.yml b/java/ql/lib/ext/javax.imageio.stream.model.yml new file mode 100644 index 000000000000..7c8ddae605c9 --- /dev/null +++ b/java/ql/lib/ext/javax.imageio.stream.model.yml @@ -0,0 +1,7 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]" "Argument[-1].Element", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/javax.naming.model.yml b/java/ql/lib/ext/javax.naming.model.yml index c55f76557d6b..484b9ca11ffc 100644 --- a/java/ql/lib/ext/javax.naming.model.yml +++ b/java/ql/lib/ext/javax.naming.model.yml @@ -9,3 +9,9 @@ extensions: - ["javax.naming", "Context", True, "lookupLink", "", "", "Argument[0]", "jndi-injection", "manual"] - ["javax.naming", "Context", True, "rename", "", "", "Argument[0]", "jndi-injection", "manual"] - ["javax.naming", "InitialContext", True, "doLookup", "", "", "Argument[0]", "jndi-injection", "manual"] + + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml index ba8509417294..960a25c8c185 100644 --- a/java/ql/lib/ext/javax.servlet.model.yml +++ b/java/ql/lib/ext/javax.servlet.model.yml @@ -9,3 +9,9 @@ extensions: - ["javax.servlet", "ServletRequest", False, "getParameterNames", "()", "", "ReturnValue", "remote", "manual"] - ["javax.servlet", "ServletRequest", False, "getParameterValues", "(String)", "", "ReturnValue", "remote", "manual"] - ["javax.servlet", "ServletRequest", False, "getReader", "()", "", "ReturnValue", "remote", "manual"] + + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"] diff --git a/java/ql/lib/ext/javax.swing.filechooser.model.yml b/java/ql/lib/ext/javax.swing.filechooser.model.yml new file mode 100644 index 000000000000..ebe534412936 --- /dev/null +++ b/java/ql/lib/ext/javax.swing.filechooser.model.yml @@ -0,0 +1,7 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.swing.filechooser", "FileSystemView", True, "isTraversable", "(File)", "", "Argument[0]", "read-file", "ai-generated"] # only reads file meta data diff --git a/java/ql/lib/ext/org.geogebra.web.full.main.model.yml b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml new file mode 100644 index 000000000000..9bbb31042e09 --- /dev/null +++ b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml @@ -0,0 +1,7 @@ +extensions: + + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.geogebra.web.full.main", "FileManager", True, "open", "(String,String)", "", "Argument[0]", "open-url", "ai-generated"] diff --git a/java/ql/lib/ext/org.springframework.web.client.model.yml b/java/ql/lib/ext/org.springframework.web.client.model.yml index 69f4cb64fc6d..bb87c03c9957 100644 --- a/java/ql/lib/ext/org.springframework.web.client.model.yml +++ b/java/ql/lib/ext/org.springframework.web.client.model.yml @@ -10,6 +10,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["org.springframework.web.client", "RestTemplate", True, "exchange", "(String,HttpMethod,HttpEntity,Class,Object[])", "", "Argument[0]", "open-url", "ai-generated"] - ["org.springframework.web.client", "RestTemplate", False, "delete", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "doExecute", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "Argument[0]", "open-url", "manual"] From 74e261738fca14b76fcfad20f04c9eeadc54a4ed Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 2 Mar 2023 15:19:40 +0100 Subject: [PATCH 02/14] remove predicate --- java/ql/lib/ext/javax.swing.filechooser.model.yml | 7 ------- 1 file changed, 7 deletions(-) delete mode 100644 java/ql/lib/ext/javax.swing.filechooser.model.yml diff --git a/java/ql/lib/ext/javax.swing.filechooser.model.yml b/java/ql/lib/ext/javax.swing.filechooser.model.yml deleted file mode 100644 index ebe534412936..000000000000 --- a/java/ql/lib/ext/javax.swing.filechooser.model.yml +++ /dev/null @@ -1,7 +0,0 @@ -extensions: - - - addsTo: - pack: codeql/java-all - extensible: sinkModel - data: - - ["javax.swing.filechooser", "FileSystemView", True, "isTraversable", "(File)", "", "Argument[0]", "read-file", "ai-generated"] # only reads file meta data From 2236db43ec980967222fd6065942407fc20b9b16 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 2 Mar 2023 15:21:26 +0100 Subject: [PATCH 03/14] sort the changed MaD declarations --- java/ql/lib/ext/java.net.model.yml | 14 ++-- java/ql/lib/ext/java.nio.file.model.yml | 69 +++++++++++-------- .../ql/lib/ext/javax.imageio.stream.model.yml | 2 +- java/ql/lib/ext/javax.naming.model.yml | 2 +- .../org.springframework.web.client.model.yml | 2 +- 5 files changed, 53 insertions(+), 36 deletions(-) diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index 49747801a726..f00fab0d6bd2 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -19,6 +19,12 @@ extensions: - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"] - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"] - ["java.net", "URLClassLoader", False, "newInstance", "", "", "Argument[0]", "open-url", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "open-url", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "open-url", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"] + - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "open-url", "manual"] + - ["java.net", "URLClassLoader", True, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "ai-generated"] - addsTo: pack: codeql/java-all extensible: summaryModel @@ -27,16 +33,16 @@ extensions: - ["java.net", "InetAddress", True, "getAllByName", "(String)", "", "Argument[0]", "ReturnValue.ArrayElement", "taint", "ai-generated"] - ["java.net", "InetSocketAddress", True, "createUnresolved", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - - ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.net", "URI", False, "resolve", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.net", "URI", False, "resolve", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["java.net", "URL", False, "toURI", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["java.net", "URL", False, "toExternalForm", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"] # @atorralba: review for consistency + - ["java.net", "URL", False, "toExternalForm", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.net", "URL", False, "toURI", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URLDecoder", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 68e6f7cd7964..f12c08111f42 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,16 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", True, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createDirectory", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createDirectories", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createFile", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "getLastModifiedTime", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] - - ["java.nio.file", "Files", True, "isWritable", "(Path)", "", "Argument[0]", "read-file", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] - - ["java.nio.file", "Files", True, "isDirectory", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] - ["java.nio.file", "Files", False, "copy", "", "", "Argument[0]", "read-file", "manual"] - ["java.nio.file", "Files", False, "copy", "", "", "Argument[1]", "create-file", "manual"] - ["java.nio.file", "Files", False, "createDirectories", "", "", "Argument[0]", "create-file", "manual"] @@ -33,30 +23,31 @@ extensions: - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "write-file", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "write-file", "manual"] + - ["java.nio.file", "Files", True, "createDirectories", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createDirectory", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createFile", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] + - ["java.nio.file", "Files", True, "getLastModifiedTime", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] + - ["java.nio.file", "Files", True, "isDirectory", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] + - ["java.nio.file", "Files", True, "isWritable", "(Path)", "", "Argument[0]", "read-file", "ai-generated"] + - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] - addsTo: pack: codeql/java-all extensible: summaryModel data: - - ["java.nio.file", "Files", True, "newByteChannel", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newBufferedReader", "(Path)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "walk", "(Path,FileVisitOption[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[postVisitDirectory(Path,IOException)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newBufferedReader", "(Path,Charset)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path,Filter)", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newByteChannel", "(Path,Set,FileAttribute[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]" "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newBufferedReader", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newByteChannel", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newByteChannel", "(Path,Set,FileAttribute[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path,Filter)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "walk", "(Path,FileVisitOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] +<<<<<<< HEAD - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] @@ -65,5 +56,25 @@ extensions: - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] +======= + - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] +>>>>>>> cc4ba800cf (sort the changed MaD declarations) - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[postVisitDirectory(Path,IOException)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] +# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/javax.imageio.stream.model.yml b/java/ql/lib/ext/javax.imageio.stream.model.yml index 7c8ddae605c9..22ef30e52ced 100644 --- a/java/ql/lib/ext/javax.imageio.stream.model.yml +++ b/java/ql/lib/ext/javax.imageio.stream.model.yml @@ -4,4 +4,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]" "Argument[-1].Element", "taint", "ai-generated"] + - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]", "Argument[-1].Element", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/javax.naming.model.yml b/java/ql/lib/ext/javax.naming.model.yml index 484b9ca11ffc..7b7dd0e529a5 100644 --- a/java/ql/lib/ext/javax.naming.model.yml +++ b/java/ql/lib/ext/javax.naming.model.yml @@ -14,4 +14,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]" "ReturnValue", "taint", "ai-generated"] + - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/org.springframework.web.client.model.yml b/java/ql/lib/ext/org.springframework.web.client.model.yml index bb87c03c9957..5352fd0f8146 100644 --- a/java/ql/lib/ext/org.springframework.web.client.model.yml +++ b/java/ql/lib/ext/org.springframework.web.client.model.yml @@ -10,7 +10,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.springframework.web.client", "RestTemplate", True, "exchange", "(String,HttpMethod,HttpEntity,Class,Object[])", "", "Argument[0]", "open-url", "ai-generated"] - ["org.springframework.web.client", "RestTemplate", False, "delete", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "doExecute", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "exchange", "", "", "Argument[0]", "open-url", "manual"] @@ -24,3 +23,4 @@ extensions: - ["org.springframework.web.client", "RestTemplate", False, "postForLocation", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "postForObject", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "put", "", "", "Argument[0]", "open-url", "manual"] + - ["org.springframework.web.client", "RestTemplate", True, "exchange", "(String,HttpMethod,HttpEntity,Class,Object[])", "", "Argument[0]", "open-url", "ai-generated"] From b7ce0c2d9682370442fd626fc6d0301d174b9d0c Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Mon, 6 Mar 2023 08:36:13 +0100 Subject: [PATCH 04/14] fix: taint flow of ctor goes to Argument[-1], instead of ReturnValue --- java/ql/lib/ext/javax.naming.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/ext/javax.naming.model.yml b/java/ql/lib/ext/javax.naming.model.yml index 7b7dd0e529a5..2c1e4ddf7e01 100644 --- a/java/ql/lib/ext/javax.naming.model.yml +++ b/java/ql/lib/ext/javax.naming.model.yml @@ -14,4 +14,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] + - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]", "Argument[-1]", "taint", "ai-generated"] From bd21dc9460df04da41e68f32d926f90dc99914c1 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 14 Mar 2023 12:12:40 +0100 Subject: [PATCH 05/14] remove nonexploitable sinks --- java/ql/lib/ext/java.nio.file.model.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index f12c08111f42..276e0f0f1174 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -27,9 +27,6 @@ extensions: - ["java.nio.file", "Files", True, "createDirectory", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - ["java.nio.file", "Files", True, "createFile", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - ["java.nio.file", "Files", True, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "getLastModifiedTime", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] - - ["java.nio.file", "Files", True, "isDirectory", "(Path,LinkOption[])", "", "Argument[0]", "read-file", "ai-generated"] - - ["java.nio.file", "Files", True, "isWritable", "(Path)", "", "Argument[0]", "read-file", "ai-generated"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] # suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] # suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] From 4761c3a328b79a8d402ba60baf893e699944e8d6 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 14 Mar 2023 12:18:21 +0100 Subject: [PATCH 06/14] remove duplicates --- java/ql/lib/ext/java.nio.file.model.yml | 4 ---- java/ql/lib/ext/org.springframework.web.client.model.yml | 1 - 2 files changed, 5 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 276e0f0f1174..94554a0249cc 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -23,10 +23,6 @@ extensions: - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "write-file", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "write-file", "manual"] - - ["java.nio.file", "Files", True, "createDirectories", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createDirectory", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createFile", "(Path,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - - ["java.nio.file", "Files", True, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] # suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] # suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] diff --git a/java/ql/lib/ext/org.springframework.web.client.model.yml b/java/ql/lib/ext/org.springframework.web.client.model.yml index 5352fd0f8146..69f4cb64fc6d 100644 --- a/java/ql/lib/ext/org.springframework.web.client.model.yml +++ b/java/ql/lib/ext/org.springframework.web.client.model.yml @@ -23,4 +23,3 @@ extensions: - ["org.springframework.web.client", "RestTemplate", False, "postForLocation", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "postForObject", "", "", "Argument[0]", "open-url", "manual"] - ["org.springframework.web.client", "RestTemplate", False, "put", "", "", "Argument[0]", "open-url", "manual"] - - ["org.springframework.web.client", "RestTemplate", True, "exchange", "(String,HttpMethod,HttpEntity,Class,Object[])", "", "Argument[0]", "open-url", "ai-generated"] From 12bb0d98c0212a7243dbb42a7ebb3fdd500174b7 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Tue, 14 Mar 2023 12:31:09 +0100 Subject: [PATCH 07/14] move toFile back to its original location --- java/ql/lib/ext/java.net.model.yml | 1 - java/ql/lib/ext/java.nio.file.model.yml | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index f00fab0d6bd2..79087f3f4a19 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -24,7 +24,6 @@ extensions: - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "open-url", "manual"] - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "manual"] - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "open-url", "manual"] - - ["java.net", "URLClassLoader", True, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "open-url", "ai-generated"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 94554a0249cc..2fe91bc703a7 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -53,7 +53,6 @@ extensions: - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] @@ -62,6 +61,7 @@ extensions: - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] >>>>>>> cc4ba800cf (sort the changed MaD declarations) From bc99a44f3a96bec1f64438c7150e951a4d4341a0 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 20 Mar 2023 09:46:19 +0100 Subject: [PATCH 08/14] Apply suggestions from code review --- java/ql/lib/ext/java.nio.file.model.yml | 13 +++++++------ 1 file changed, 7 insertions(+), 6 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 2fe91bc703a7..37718c0bc421 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -24,8 +24,8 @@ extensions: - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[1]", "write-file", "manual"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "delete-file", "ai-generated"] + - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file + - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file - addsTo: pack: codeql/java-all extensible: summaryModel @@ -67,7 +67,8 @@ extensions: >>>>>>> cc4ba800cf (sort the changed MaD declarations) - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[postVisitDirectory(Path,IOException)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] -# suggested label is not supported: - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"] + # Not supported by current lambda flow + # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]", "Argument[1].Method[postVisitDirectory(Path,IOException)].Parameter[0]", "taint", "ai-generated"] + # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]", "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] + # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"] + # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]", "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"] From bc227179c74bee55b5932d73b26311fe56665305 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Mon, 20 Mar 2023 09:49:27 +0100 Subject: [PATCH 09/14] Update java/ql/lib/ext/org.geogebra.web.full.main.model.yml Co-authored-by: Tony Torralba --- java/ql/lib/ext/org.geogebra.web.full.main.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/java/ql/lib/ext/org.geogebra.web.full.main.model.yml b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml index 9bbb31042e09..f9d9437d7522 100644 --- a/java/ql/lib/ext/org.geogebra.web.full.main.model.yml +++ b/java/ql/lib/ext/org.geogebra.web.full.main.model.yml @@ -4,4 +4,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.geogebra.web.full.main", "FileManager", True, "open", "(String,String)", "", "Argument[0]", "open-url", "ai-generated"] + - ["org.geogebra.web.full.main", "FileManager", True, "open", "(String,String)", "", "Argument[0]", "url-redirect", "ai-generated"] From 8802fbdfe76ecf3ff1b0627eb95ff9f6ec277c25 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Mon, 20 Mar 2023 09:49:39 +0100 Subject: [PATCH 10/14] Update java/ql/lib/ext/java.nio.file.model.yml Co-authored-by: Tony Torralba --- java/ql/lib/ext/java.nio.file.model.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 37718c0bc421..0dcf1d33793b 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -56,7 +56,6 @@ extensions: - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"] From 0cab45e4b97b09b4259003745d8daa487c241017 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Mon, 20 Mar 2023 09:54:31 +0100 Subject: [PATCH 11/14] update old data to current standard (stream creation arg is a sink) --- java/ql/lib/ext/java.nio.file.model.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 0dcf1d33793b..9e3a8ac1c60a 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -26,6 +26,7 @@ extensions: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file + - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - addsTo: pack: codeql/java-all extensible: summaryModel @@ -36,8 +37,6 @@ extensions: - ["java.nio.file", "Files", True, "newByteChannel", "(Path,Set,FileAttribute[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path,Filter)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Files", True, "walk", "(Path,FileVisitOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] <<<<<<< HEAD From a66b7ed54a43e28b1106a484bc6c5d029edcf1f1 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 20 Mar 2023 10:41:10 +0100 Subject: [PATCH 12/14] Fix incorrect model, add missing model --- java/ql/lib/ext/java.nio.file.model.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 9e3a8ac1c60a..95f00987aa93 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -26,7 +26,8 @@ extensions: - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[1]", "create-file", "ai-generated"] - ["java.nio.file", "Files", True, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file - - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "read-file", "ai-generated"] + - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "create-file", "ai-generated"] - addsTo: pack: codeql/java-all extensible: summaryModel From f685b933799f9e5461d3ca88016333be2409aa1d Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 20 Mar 2023 14:15:33 +0100 Subject: [PATCH 13/14] Add change note --- java/ql/lib/change-notes/2023-03-20-dataflow-models.md | 10 ++++++++++ 1 file changed, 10 insertions(+) create mode 100644 java/ql/lib/change-notes/2023-03-20-dataflow-models.md diff --git a/java/ql/lib/change-notes/2023-03-20-dataflow-models.md b/java/ql/lib/change-notes/2023-03-20-dataflow-models.md new file mode 100644 index 000000000000..e43f3b1746aa --- /dev/null +++ b/java/ql/lib/change-notes/2023-03-20-dataflow-models.md @@ -0,0 +1,10 @@ +--- +category: minorAnalysis +--- +* Added more sink and summary dataflow models for the following packages: + * `java.net` + * `java.nio.file` + * `javax.imageio.stream` + * `javax.naming` + * `javax.servlet` + * `org.geogebra.web.full.main` From 12588124285c7d17bf3e2ebfb285c58267c14773 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Mon, 20 Mar 2023 17:11:14 +0100 Subject: [PATCH 14/14] Fix Argument[this] --- java/ql/lib/ext/hudson.model.model.yml | 2 +- .../ext/io.netty.handler.codec.http.model.yml | 2 +- java/ql/lib/ext/java.nio.file.model.yml | 24 ++++++------------- .../ql/lib/ext/javax.imageio.stream.model.yml | 2 +- java/ql/lib/ext/javax.naming.model.yml | 2 +- 5 files changed, 11 insertions(+), 21 deletions(-) diff --git a/java/ql/lib/ext/hudson.model.model.yml b/java/ql/lib/ext/hudson.model.model.yml index 77b495e0f1e0..2c0c7e46be6f 100644 --- a/java/ql/lib/ext/hudson.model.model.yml +++ b/java/ql/lib/ext/hudson.model.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["hudson.model", "DirectoryBrowserSupport$Path", False, "Path", "(String,String,boolean,long,boolean,long)", "", "Argument[0]", "Argument[-1].SyntheticField[hudson.model.DirectoryBrowserSupport$Path.href]", "taint", "ai-generated"] + - ["hudson.model", "DirectoryBrowserSupport$Path", False, "Path", "(String,String,boolean,long,boolean,long)", "", "Argument[0]", "Argument[this].SyntheticField[hudson.model.DirectoryBrowserSupport$Path.href]", "taint", "ai-generated"] - addsTo: pack: codeql/java-all extensible: sinkModel diff --git a/java/ql/lib/ext/io.netty.handler.codec.http.model.yml b/java/ql/lib/ext/io.netty.handler.codec.http.model.yml index a7a801d67dd4..6a4b0e7922eb 100644 --- a/java/ql/lib/ext/io.netty.handler.codec.http.model.yml +++ b/java/ql/lib/ext/io.netty.handler.codec.http.model.yml @@ -9,4 +9,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["io.netty.handler.codec.http", "QueryStringEncoder", True, "QueryStringEncoder", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"] + - ["io.netty.handler.codec.http", "QueryStringEncoder", True, "QueryStringEncoder", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 95f00987aa93..cca00413c33c 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -40,30 +40,20 @@ extensions: - ["java.nio.file", "Files", True, "newDirectoryStream", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Files", True, "walk", "(Path,FileVisitOption[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] -<<<<<<< HEAD + - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] + - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] -======= - - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"] - - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] - - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] ->>>>>>> cc4ba800cf (sort the changed MaD declarations) - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # Not supported by current lambda flow diff --git a/java/ql/lib/ext/javax.imageio.stream.model.yml b/java/ql/lib/ext/javax.imageio.stream.model.yml index 22ef30e52ced..a1e9abcca9d8 100644 --- a/java/ql/lib/ext/javax.imageio.stream.model.yml +++ b/java/ql/lib/ext/javax.imageio.stream.model.yml @@ -4,4 +4,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]", "Argument[-1].Element", "taint", "ai-generated"] + - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]", "Argument[this].Element", "taint", "ai-generated"] diff --git a/java/ql/lib/ext/javax.naming.model.yml b/java/ql/lib/ext/javax.naming.model.yml index 2c1e4ddf7e01..bf1395abdb39 100644 --- a/java/ql/lib/ext/javax.naming.model.yml +++ b/java/ql/lib/ext/javax.naming.model.yml @@ -14,4 +14,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]", "Argument[-1]", "taint", "ai-generated"] + - ["javax.naming", "StringRefAddr", True, "StringRefAddr", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-generated"]