Merge pull request #12249 from jcogs33/jcogs33/add-heuristic-neutral-models

Java: add some neutral models discovered with heuristics
2026-04-26 17:25:19 +02:00 · 2023-06-01 07:51:55 -04:00
parent c1bd04e802 82f208ca7a
commit 10bab71c60
11 changed files with 265 additions and 0 deletions
--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -100,6 +100,7 @@ extensions:
      pack: codeql/java-all
      extensible: neutralModel
    data:
+      # summary neutrals
      - ["java.io", "Closeable", "close", "()", "summary", "manual"]
      - ["java.io", "DataOutput", "writeBoolean", "(boolean)", "summary", "manual"]
      - ["java.io", "File", "delete", "()", "summary", "manual"]
@@ -117,3 +118,7 @@ extensions:
      - ["java.io", "DataInput", "readLong", "()", "summary", "manual"]        # taint-numeric
      - ["java.io", "DataOutput", "writeInt", "(int)", "summary", "manual"]    # taint-numeric
      - ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"]  # taint-numeric
+
+      # sink neutrals
+      - ["java.io", "File", "compareTo", "", "sink", "hq-manual"]
+      - ["java.io", "File", "exists", "()", "sink", "hq-manual"]
--- a/java/ql/lib/ext/java.nio.file.model.yml
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@@ -81,4 +81,22 @@ extensions:
      pack: codeql/java-all
      extensible: neutralModel
    data:
+      # summary neutrals
      - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"]
+
+      # sink neutrals
+      - ["java.nio.file", "Files", "exists", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "getLastModifiedTime", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "getOwner", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "getPosixFilePermissions", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isDirectory", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isExecutable", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isHidden", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isReadable", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isRegularFile", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isSameFile", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isSymbolicLink", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "isWritable", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "notExists", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "setLastModifiedTime", "", "sink", "hq-manual"]
+      - ["java.nio.file", "Files", "size", "", "sink", "hq-manual"]
--- a/java/ql/lib/ext/java.nio.file.spi.model.yml
+++ b/java/ql/lib/ext/java.nio.file.spi.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      # sink neutrals
+      - ["java.nio.file.spi", "FileSystemProvider", "isHidden", "", "sink", "hq-manual"]
+      - ["java.nio.file.spi", "FileSystemProvider", "isSameFile", "", "sink", "hq-manual"]
--- a/java/ql/lib/ext/java.text.model.yml
+++ b/java/ql/lib/ext/java.text.model.yml
@@ -3,8 +3,14 @@ extensions:
      pack: codeql/java-all
      extensible: neutralModel
    data:
+      # summary neutrals
      # The below APIs have numeric flow and are currently being stored as neutral models.
      # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
      - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"]                   # taint-numeric
      - ["java.text", "DateFormat", "parse", "(String)", "summary", "manual"]                  # taint-numeric
      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric
+
+      # sink neutrals
+      - ["java.text", "Collator", "compare", "", "sink", "hq-manual"]
+      - ["java.text", "Collator", "equals", "", "sink", "hq-manual"]
+      - ["java.text", "RuleBasedCollator", "compare", "", "sink", "hq-manual"]
--- a/java/ql/lib/ext/java.util.prefs.model.yml
+++ b/java/ql/lib/ext/java.util.prefs.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      # sink neutrals
+      - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "sink", "hq-manual"]
+      - ["java.util.prefs", "Preferences", "nodeExists", "", "sink", "hq-manual"]
--- a/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml
+++ b/java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      # sink neutrals
+      - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "sink", "hq-manual"]