hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-02 20:25:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: add draft of test case

Browse Source
This commit is contained in:
Jami Cogswell
2022-12-14 22:41:21 -05:00
parent 134577e52b
commit 15069250eb
7 changed files with 335 additions and 68 deletions
Download Patch File Download Diff File Expand all files Collapse all files

138
java/ql/lib/ext/TopJdkApis.model.yml
View File

@@ -3,72 +3,76 @@ extensions:
pack: codeql/java-all
extensible: extSummaryModel
data:
# COMMENT OUT ONCE MOVED TO `<packagename>.model.yml` FILE
# namespace; type; subtypes; name; signature; ext; input; output; kind; provenance (10)
- ["java.util", "Objects", False, "requireNonNull", "(Object,String)", "", "Argument[0]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 255, but no signature specified in existing model
- ["java.util", "Collection", True, "stream", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 50
- ["java.util", "Collections", False, "singletonList", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 74
- ["java.util", "Iterator", True, "next", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 135, but no signature specified in existing model
- ["java.util", "Set", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping
- ["java.util", "List", True, "get", "(int)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 143
- ["java.util", "List", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 145
- ["java.util", "List", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping. Note: List.add(int,Object) is modelled in java.util.model.yml at line 140, seems unnecessary if Collection.add() is modelled
- ["java.util", "List", True, "addAll", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.addAll() in java.util.model.yml at line 48 through subtyping. Note: List.addAll(int,Collection) is modelled in java.util.model.yml at line 141, seems unnecessary if Collection.addAll() is modelled
- ["java.util", "ArrayList", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping
- ["java.util", "ArrayList", False, "ArrayList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 15
- ["java.util", "Arrays", False, "asList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 16, but no signature specified in existing model
- ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 201
- ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at lines 202
- ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at lines 203
- ["java.util", "Map", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 174, but no signature specified in existing model
- ["java.util", "Map", True, "entrySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 170, but no signature specified in existing model
- ["java.util", "Map", True, "entrySet", "()", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 171, but no signature specified in existing model
- ["java.util", "Map", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 215
- ["java.util", "Map", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 177
- ["java.util", "Map", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 209
- ["java.util", "Map$Entry", True, "getKey", "()", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 216, but no signature specified in existing model
- ["java.util", "Map$Entry", True, "getValue", "()", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 217, but no signature specified in existing model
- ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
- ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
- ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
- ["java.util", "HashMap", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.get() above through subtyping
- ["java.util", "Optional", False, "orElse", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 273, but no signature specified in existing model
- ["java.util", "Optional", False, "orElse", "(Object)", "", "Argument[0]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 274, but no signature specified in existing model
- ["java.util", "Optional", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 269, but no signature specified in existing model
- ["java.util", "Optional", False, "ofNullable", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 270, but no signature specified in existing model
- ["java.util", "Optional", False, "get", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 264, but no signature specified in existing model
- ["java.util", "Optional", False, "ifPresent", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 265, but no signature specified in existing model
- ["java.util", "Optional", False, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 267, but no signature specified in existing model
- ["java.util", "Optional", False, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 268, but no signature specified in existing model
- ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 24
- ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 25
- ["java.util.stream", "Stream", True, "findFirst", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 27
- ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 45
- ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 46
- ["java.util.stream", "Stream", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED (extra one from Michael's list): already modelled in java.util.stream.model.yml at line 33
# - ["java.util.stream", "Stream", True, "collect", "(Collector)", "", "", "", "value", "manual"] # **UNSUPPORTED**: noted in java.util.stream.model.yml at line 19 that "collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD"
- ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 40
- ["java.lang", "String", False, "trim", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 81, but no signature specified in existing model
- ["java.lang", "String", False, "substring", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 75, but no signature specified in existing model
- ["java.lang", "String", False, "substring", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 75, but no signature specified in existing model
- ["java.lang", "String", False, "replace", "(CharSequence,CharSequence)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 64, but no signature specified in existing model
- ["java.lang", "String", False, "replace", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 65, but no signature specified in existing model
- ["java.lang", "String", False, "split", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 70, but no signature specified in existing model
- ["java.lang", "String", False, "toLowerCase", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 77, but no signature specified in existing model
- ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 53
- ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 54
- ["java.lang", "StringBuilder", False, "append", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(char)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(Object)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(int)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuilder", False, "append", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
- ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
- ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.io.model.yml at line 60, but no signature specified in existing model
- ["java.nio.file", "Path", True, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **COLLISION** (both supported and unsupported per initial telemetry query): already modelled in java.nio.file.model.yml at line 29, but no signature specified in existing model
- ["java.io", "PrintWriter", False, "write", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row, modelled by Writer.write in java.io.model.yml at line 86 through subtyping
# - ["java.util", "Objects", False, "requireNonNull", "(Object,String)", "", "Argument[0]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 255, but no signature specified in existing model
# - ["java.util", "Collection", True, "stream", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 50
# - ["java.util", "Collections", False, "singletonList", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 74
# - ["java.util", "Iterator", True, "next", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 135, but no signature specified in existing model
# - ["java.util", "Set", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping
# - ["java.util", "List", True, "get", "(int)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 143
# - ["java.util", "List", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 145
# - ["java.util", "List", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping. Note: List.add(int,Object) is modelled in java.util.model.yml at line 140, seems unnecessary if Collection.add() is modelled
# - ["java.util", "List", True, "addAll", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.addAll() in java.util.model.yml at line 48 through subtyping. Note: List.addAll(int,Collection) is modelled in java.util.model.yml at line 141, seems unnecessary if Collection.addAll() is modelled
# - ["java.util", "ArrayList", True, "add", "(Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # SUPPORTED: no MaD row, modelled by Collection.add() in java.util.model.yml at line 47 through subtyping
# - ["java.util", "ArrayList", False, "ArrayList", "(Collection)", "", "Argument[0].Element", "Argument[-1].Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 15
# - ["java.util", "Arrays", False, "asList", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 16, but no signature specified in existing model
# - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 201
# - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at lines 202
# - ["java.util", "Map", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at lines 203
# - ["java.util", "Map", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 174, but no signature specified in existing model
# - ["java.util", "Map", True, "entrySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element.MapKey", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 170, but no signature specified in existing model
# - ["java.util", "Map", True, "entrySet", "()", "", "Argument[-1].MapValue", "ReturnValue.Element.MapValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 171, but no signature specified in existing model
# - ["java.util", "Map", True, "values", "()", "", "Argument[-1].MapValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 215
# - ["java.util", "Map", True, "keySet", "()", "", "Argument[-1].MapKey", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 177
# - ["java.util", "Map", True, "remove", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 209
# - ["java.util", "Map$Entry", True, "getKey", "()", "", "Argument[-1].MapKey", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 216, but no signature specified in existing model
# - ["java.util", "Map$Entry", True, "getValue", "()", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 217, but no signature specified in existing model
# - ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
# - ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[0]", "Argument[-1].MapKey", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
# - ["java.util", "HashMap", True, "put", "(Object,Object)", "", "Argument[1]", "Argument[-1].MapValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.put() above through subtyping
# - ["java.util", "HashMap", True, "get", "(Object)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # SUPPORTED: no MaD row, modelled by Map.get() above through subtyping
# - ["java.util", "Optional", False, "orElse", "(Object)", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 273, but no signature specified in existing model
# - ["java.util", "Optional", False, "orElse", "(Object)", "", "Argument[0]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 274, but no signature specified in existing model
# - ["java.util", "Optional", False, "of", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 269, but no signature specified in existing model
# - ["java.util", "Optional", False, "ofNullable", "(Object)", "", "Argument[0]", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 270, but no signature specified in existing model
# - ["java.util", "Optional", False, "get", "()", "", "Argument[-1].Element", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 264, but no signature specified in existing model
# - ["java.util", "Optional", False, "ifPresent", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 265, but no signature specified in existing model
# - ["java.util", "Optional", False, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 267, but no signature specified in existing model
# - ["java.util", "Optional", False, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.model.yml at line 268, but no signature specified in existing model
# - ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 24
# - ["java.util.stream", "Stream", True, "filter", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 25
# - ["java.util.stream", "Stream", True, "findFirst", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 27
# - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 45
# - ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 46
# - ["java.util.stream", "Stream", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED (extra one from Michael's list): already modelled in java.util.stream.model.yml at line 33
# # - ["java.util.stream", "Stream", True, "collect", "(Collector)", "", "", "", "value", "manual"] # **UNSUPPORTED**: noted in java.util.stream.model.yml at line 19 that "collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD"
# - ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 40
# - ["java.lang", "String", False, "trim", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 81, but no signature specified in existing model
# - ["java.lang", "String", False, "substring", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 75, but no signature specified in existing model
# - ["java.lang", "String", False, "substring", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 75, but no signature specified in existing model
# - ["java.lang", "String", False, "replace", "(CharSequence,CharSequence)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 64, but no signature specified in existing model
# - ["java.lang", "String", False, "replace", "(CharSequence,CharSequence)", "", "Argument[1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 65, but no signature specified in existing model
# - ["java.lang", "String", False, "split", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 70, but no signature specified in existing model
# - ["java.lang", "String", False, "toLowerCase", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 77, but no signature specified in existing model
# - ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 53
# - ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 54
# - ["java.lang", "StringBuilder", False, "append", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(char)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(char)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(Object)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(Object)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(int)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuilder", False, "append", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
# - ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
# - ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.io.model.yml at line 60, but no signature specified in existing model
# - ["java.nio.file", "Path", True, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **COLLISION** (both supported and unsupported per initial telemetry query): already modelled in java.nio.file.model.yml at line 29, but no signature specified in existing model
# - ["java.io", "PrintWriter", False, "write", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row, modelled by Writer.write in java.io.model.yml at line 86 through subtyping
# TODO: Deal with the below... :'(
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: already modelled in java.lang.model.yml at lines 82-84 for other signatures (Tony wants this one)
- ["java.lang", "StringBuilder", "toString", "()", "manual"] # SUPPORTED: modelled in java.lang.model.yml at line 34 through AbstractStringBuilder.toString subtyping
- ["java.lang", "String", False, "charAt", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: per Anders: "We may want this as a general model, and we've discussed it before without a clear-cut answer, I believe."
@@ -102,8 +106,8 @@ extensions:
pack: codeql/java-all
extensible: extNegativeSummaryModel
data:
# COMMENT OUT ONCE MOVED TO `<packagename>.model.yml` FILE
# namespace; type; name; signature; provenance (5)
# COMMENT OUT ONCE MOVED TO `<packagename>.model.yml` FILE
# - ["java.util", "Objects", "equals", "(Object,Object)", "manual"] # UNSUPPORTED: type as sanitizer
# - ["java.util", "Collection", "size", "()", "manual"] # UNSUPPORTED: type as sanitizer
# - ["java.util", "Collections", "emptyList", "()", "manual"] # UNSUPPORTED: just gives an emptylist
@@ -122,9 +126,7 @@ extensions:
# - ["java.util", "UUID", "randomUUID", "()", "manual"] # UNSUPPORTED: just gives UUID, no flow
# - ["java.util", "UUID", "toString", "()", "manual"] # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
# - ["java.util", "Objects", "hash", "(Object[])", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
# - ["java.util.stream", "Collectors", "toList", "()", "manual"] # UNSUPPORTED: shouldn't have a model per Anders
# - ["java.lang", "Object", "toString", "()", "manual"] # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
# - ["java.lang", "Object", "equals", "(Object)", "manual"] # **COLLISION** (both supported and unsupported per initial telemetry query): type as sanitizer
# - ["java.lang", "Object", "getClass", "()", "manual"] # UNSUPPORTED: only returns the class of the object, no dataflow?

101
java/ql/test/ext/TopJdkApis/TopJdkApis-100.csv Normal file
View File

@@ -0,0 +1,101 @@
message,_col1
"java.lang.StringBuilder#append(String)",
"java.util.List#get(int)",
"java.util.List#add(Object)",
"java.util.Map#put(Object,Object)",
"java.lang.String#equals(Object)",
"java.util.Map#get(Object)",
"java.util.List#size()",
"java.util.Collection#stream()",
"java.lang.Object#getClass()",
"java.util.stream.Stream#collect(Collector)",
"java.util.Objects#equals(Object,Object)",
"java.lang.String#format(String,Object\[\])",
"java.util.stream.Stream#map(Function)",
"java.lang.Throwable#getMessage()",
"java.util.Arrays#asList(Object\[\])",
"java.lang.String#equalsIgnoreCase(String)",
"java.util.List#isEmpty()",
"java.util.Set#add(Object)",
"java.util.HashMap#put(Object,Object)",
"java.util.stream.Collectors#toList()",
"java.lang.StringBuilder#append(char)",
"java.util.stream.Stream#filter(Predicate)",
"java.lang.String#length()",
"java.lang.Enum#name()",
"java.lang.Object#toString()",
"java.util.Optional#get()",
"java.lang.StringBuilder#toString()",
"java.lang.IllegalArgumentException#IllegalArgumentException(String)",
"java.lang.Class#getName()",
"java.lang.Enum#Enum(String,int)",
"java.io.PrintWriter#write(String)",
"java.util.Entry#getValue()",
"java.util.Entry#getKey()",
"java.util.Iterator#next()",
"java.lang.Object#hashCode()",
"java.util.Optional#orElse(Object)",
"java.lang.StringBuffer#append(String)",
"java.util.Collections#singletonList(Object)",
"java.lang.Iterable#forEach(Consumer)",
"java.util.Optional#of(Object)",
"java.lang.String#contains(CharSequence)",
"java.util.ArrayList#add(Object)",
"java.util.Optional#ofNullable(Object)",
"java.util.Collections#emptyList()",
"java.math.BigDecimal#BigDecimal(String)",
"java.lang.System#currentTimeMillis()",
"java.lang.Object#equals(Object)",
"java.util.Map#containsKey(Object)",
"java.util.Optional#isPresent()",
"java.lang.String#trim()",
"java.util.List#addAll(Collection)",
"java.util.Set#contains(Object)",
"java.util.Optional#map(Function)",
"java.util.Map#entrySet()",
"java.util.Optional#empty()",
"java.lang.Integer#parseInt(String)",
"java.lang.String#startsWith(String)",
"java.lang.IllegalStateException#IllegalStateException(String)",
"java.lang.Enum#equals(Object)",
"java.util.Iterator#hasNext()",
"java.util.List#contains(Object)",
"java.lang.String#substring(int,int)",
"java.util.List#of(Object)",
"java.util.Objects#hash(Object\[\])",
"java.lang.RuntimeException#RuntimeException(String)",
"java.lang.String#isEmpty()",
"java.lang.String#replace(CharSequence,CharSequence)",
"java.util.Set#size()",
"java.io.File#File(String)",
"java.lang.StringBuilder#append(Object)",
"java.lang.String#split(String)",
"java.util.Map#values()",
"java.util.UUID#randomUUID()",
"java.util.ArrayList#ArrayList(Collection)",
"java.util.Map#keySet()",
"java.sql.ResultSet#getString(String)",
"java.lang.String#hashCode()",
"java.lang.Throwable#Throwable(Throwable)",
"java.util.HashMap#get(Object)",
"java.lang.Class#getSimpleName()",
"java.util.Set#isEmpty()",
"java.util.Map#size()",
"java.lang.String#substring(int)",
"java.util.Map#remove(Object)",
"java.lang.Throwable#printStackTrace()",
"java.util.stream.Stream#findFirst()",
"java.util.Optional#ifPresent(Consumer)",
"java.lang.String#valueOf(Object)",
"java.lang.String#toLowerCase()",
"java.util.UUID#toString()",
"java.lang.StringBuilder#append(int)",
"java.util.Objects#requireNonNull(Object,String)",
"java.nio.file.Path#resolve(String)",
"java.lang.Enum#toString()",
"java.lang.RuntimeException#RuntimeException(Throwable)",
"java.util.Collection#size()",
"java.lang.String#charAt(int)",
"java.util.stream.Stream#forEach(Consumer)",
"java.util.Map#isEmpty()",
"java.lang.String#valueOf(int)"
Can't render this file because it has a wrong number of fields in line 101.

106
java/ql/test/ext/TopJdkApis/TopJdkApis.qll Normal file
View File

@@ -0,0 +1,106 @@
/** Provides classes and predicates for the Top JDK APIs. */
import java
private import semmle.code.java.dataflow.FlowSummary
private import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
private import semmle.code.java.dataflow.ExternalFlow // for paramsString
// Note: from ExternalApi.qll for getting the api name returned in the telemetry query results
// /**
// * Gets information about the external API in the form expected by the CSV modeling framework.
// */
// string getApiName() {
// result =
// this.getDeclaringType().getPackage() + "." + this.getDeclaringType().getSourceDeclaration() +
// "#" + this.getName() + paramsString(this)
// }
class TopJdkApi extends Callable {
TopJdkApi() {
// (
// this instanceof SummarizedCallable or
// this instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable
// ) and
// top 101 jdk apis
//this.asCallable().getQualifiedName() in ["java.util.Set.add"]
exists(string api |
api =
this.getDeclaringType().getPackage() + "." + this.getDeclaringType().getSourceDeclaration() +
"#" + this.getName() + paramsString(this) and
api in [
"java.lang.StringBuilder#append(String)", "java.util.List#get(int)",
"java.util.List#add(Object)", "java.util.Map#put(Object,Object)",
"java.lang.String#equals(Object)", "java.util.Map#get(Object)", "java.util.List#size()",
"java.util.Collection#stream()", "java.lang.Object#getClass()",
"java.util.stream.Stream#collect(Collector)", "java.util.Objects#equals(Object,Object)",
"java.lang.String#format(String,Object[])", "java.util.stream.Stream#map(Function)",
"java.lang.Throwable#getMessage()", "java.util.Arrays#asList(Object[])",
"java.lang.String#equalsIgnoreCase(String)", "java.util.List#isEmpty()",
"java.util.Set#add(Object)", "java.util.HashMap#put(Object,Object)",
"java.util.stream.Collectors#toList()", "java.lang.StringBuilder#append(char)",
"java.util.stream.Stream#filter(Predicate)", "java.lang.String#length()",
"java.lang.Enum#name()", "java.lang.Object#toString()", "java.util.Optional#get()",
"java.lang.StringBuilder#toString()",
"java.lang.IllegalArgumentException#IllegalArgumentException(String)",
"java.lang.Class#getName()", "java.lang.Enum#Enum(String,int)",
"java.io.PrintWriter#write(String)", "java.util.Entry#getValue()",
"java.util.Entry#getKey()", "java.util.Iterator#next()", "java.lang.Object#hashCode()",
"java.util.Optional#orElse(Object)", "java.lang.StringBuffer#append(String)",
"java.util.Collections#singletonList(Object)", "java.lang.Iterable#forEach(Consumer)",
"java.util.Optional#of(Object)", "java.lang.String#contains(CharSequence)",
"java.util.ArrayList#add(Object)", "java.util.Optional#ofNullable(Object)",
"java.util.Collections#emptyList()", "java.math.BigDecimal#BigDecimal(String)",
"java.lang.System#currentTimeMillis()", "java.lang.Object#equals(Object)",
"java.util.Map#containsKey(Object)", "java.util.Optional#isPresent()",
"java.lang.String#trim()", "java.util.List#addAll(Collection)",
"java.util.Set#contains(Object)", "java.util.Optional#map(Function)",
"java.util.Map#entrySet()", "java.util.Optional#empty()",
"java.lang.Integer#parseInt(String)", "java.lang.String#startsWith(String)",
"java.lang.IllegalStateException#IllegalStateException(String)",
"java.lang.Enum#equals(Object)", "java.util.Iterator#hasNext()",
"java.util.List#contains(Object)", "java.lang.String#substring(int,int)",
"java.util.List#of(Object)", "java.util.Objects#hash(Object[])",
"java.lang.RuntimeException#RuntimeException(String)", "java.lang.String#isEmpty()",
"java.lang.String#replace(CharSequence,CharSequence)", "java.util.Set#size()",
"java.io.File#File(String)", "java.lang.StringBuilder#append(Object)",
"java.lang.String#split(String)", "java.util.Map#values()", "java.util.UUID#randomUUID()",
"java.util.ArrayList#ArrayList(Collection)", "java.util.Map#keySet()",
"java.sql.ResultSet#getString(String)", "java.lang.String#hashCode()",
"java.lang.Throwable#Throwable(Throwable)", "java.util.HashMap#get(Object)",
"java.lang.Class#getSimpleName()", "java.util.Set#isEmpty()", "java.util.Map#size()",
"java.lang.String#substring(int)", "java.util.Map#remove(Object)",
"java.lang.Throwable#printStackTrace()", "java.util.stream.Stream#findFirst()",
"java.util.Optional#ifPresent(Consumer)", "java.lang.String#valueOf(Object)",
"java.lang.String#toLowerCase()", "java.util.UUID#toString()",
"java.lang.StringBuilder#append(int)", "java.util.Objects#requireNonNull(Object,String)",
"java.nio.file.Path#resolve(String)", "java.lang.Enum#toString()",
"java.lang.RuntimeException#RuntimeException(Throwable)", "java.util.Collection#size()",
"java.lang.String#charAt(int)", "java.util.stream.Stream#forEach(Consumer)",
"java.util.Map#isEmpty()", "java.lang.String#valueOf(int)"
]
)
}
/** Holds if this API has a supported summary model. */
private predicate hasSummary() { this = any(SummarizedCallable sc).asCallable() }
/** Holds if this API has a supported neutral model. */
private predicate hasNeutral() {
this = any(FlowSummaryImpl::Public::NegativeSummarizedCallable nsc).asCallable()
}
// ! note: the below will hold for either manual or generated models, should I restrict to just manual?
/** Holds if this API has a MaD model. */
predicate hasMadModel() { this.hasSummary() or this.hasNeutral() }
}
// class TopJdkApiSummary extends SummarizedCallableBase {
// TopJdkApiSummary() {
// this instanceof SummarizedCallable and
// this.asCallable().getQualifiedName() in ["java.util.Objects."]
// }
// }
// class TopJdkApiNeutral extends SummarizedCallableBase {
// TopJdkApiNeutral() {
// this instanceof FlowSummaryImpl::Public::NegativeSummarizedCallable and
// this.asCallable().getCompilationUnit().getPackage().getName() = "java.util"
// }
// }

1
java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected Normal file
View File

@@ -0,0 +1 @@
| 87 |

14
java/ql/test/ext/TopJdkApis/TopJdkApisTest.java Normal file
View File

@@ -0,0 +1,14 @@
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Objects;
import java.util.UUID;
import java.util.stream.Collectors;
import java.util.Map;
import java.util.HashMap;
import java.math.BigDecimal;
import java.sql.ResultSet;
import java.lang.System;
import java.lang.IllegalStateException;
public class TopJdkApisTest { }

43
java/ql/test/ext/TopJdkApis/TopJdkApisTest.ql Normal file
View File

@@ -0,0 +1,43 @@
import java
import semmle.code.java.dataflow.FlowSummary
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
import semmle.code.java.dataflow.ExternalFlow // for paramsString
import TopJdkApis
// from SummarizedCallable sc //, FlowSummaryImpl::Public::NegativeSummarizedCallable nsc
// where
// // sc.asCallable().getDeclaringType().getName() = "String" and
// // sc.asCallable().getName() = "format" and
// // sc.asCallable().getQualifiedName() = "java.lang.String.format" and
// sc.asCallable().getDeclaringType().getPackage() + "." +
// sc.asCallable().getDeclaringType().getSourceDeclaration() + "#" + sc.asCallable().getName() +
// paramsString(sc.asCallable()) = "java.lang.String#format(String,Object[])"
// select sc, sc.asCallable().getQualifiedName(),
// /*
// * sc.asCallable().paramsString(),
// * sc.asCallable().getSignature(), sc.asCallable().getStringSignature(),
// * sc.asCallable().getDeclaringType().getSourceDeclaration(),
// */
// sc.asCallable().getDeclaringType().getPackage() + "." +
// sc.asCallable().getDeclaringType().getSourceDeclaration() + "#" + sc.asCallable().getName() +
// paramsString(sc.asCallable())
// * get string representation of al modelled topjdkapis
// from TopJdkApi t, string api
// where
// /*t.hasMadModel() and*/
// api =
// t.getDeclaringType().getPackage() + "." + t.getDeclaringType().getSourceDeclaration() + "#" +
// t.getName() + paramsString(t)
// select api order by api
// * get count of all modelled topjdkapis
select count(string api |
exists(TopJdkApi t |
/*t.hasMadModel() and*/
api =
t.getDeclaringType().getPackage() + "." + t.getDeclaringType().getSourceDeclaration() + "#" +
t.getName() + paramsString(t)
)
)
// from TopJdkApi t
// where t.hasMadModel()
// select t order by t

0
java/ql/test/ext/TopJdkApis/TopJdkApisTest.qlref Normal file
View File