hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 12:15:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Add more neutral JDK models

Browse Source 
This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.
This commit is contained in:
Tony Torralba
2024-03-13 16:59:38 +01:00
parent c190dd21db
commit 039bea1625
9 changed files with 45 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
java/ql/lib/ext/java.beans.model.yml
View File

@@ -4,3 +4,12 @@ extensions:
extensible: summaryModel
data:
- ["java.beans", "XMLDecoder", False, "XMLDecoder", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
# summary neutrals
- ["java.beans", "PropertyEditor", "getAsText", "()", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- ["java.beans", "PropertyEditor", "getValue", "()", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- ["java.beans", "PropertyEditor", "setAsText", "()", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
- ["java.beans", "PropertyEditor", "setValue", "()", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs