mirror of
https://github.com/github/codeql.git
synced 2025-12-17 01:03:14 +01:00
Java: resolve more conflicts
This commit is contained in:
Jami Cogswell
@@ -3,7 +3,8 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # ! signature as "" instead?
|
||||
- ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
|
||||
- ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "ReturnValue", "value", "manual"]
|
||||
- ["java.awt", "Container", True, "add", "(Component,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
|
||||
|
||||
- addsTo:
|
||||
|
||||
@@ -69,7 +69,9 @@ extensions:
|
||||
- ["java.io", "File", True, "getCanonicalFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "getCanonicalPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", False, "getPath", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! True versus False (maybe it's private/hidden?).. (and neutral instead?)
|
||||
- ["java.io", "File", True, "getParentFile", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "getPath", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "listFiles", "()", "", "Argument[-1]", "ReturnValue.ArrayElement", "taint", "manual"]
|
||||
- ["java.io", "File", True, "toPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.io", "File", True, "toURI", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
@@ -90,7 +92,7 @@ extensions:
|
||||
- ["java.io", "OutputStream", True, "write", "(int)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["java.io", "Reader", True, "read", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
|
||||
- ["java.io", "StringReader", False, "StringReader", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["java.io", "StringWriter", False, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! currently supported by taintPreservingQualifierToMethod?
|
||||
- ["java.io", "StringWriter", False, "toString", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! keep an eye on this one for FP flow, already modeled in `taintPreservingQualifierToMethod` predicate?
|
||||
- ["java.io", "UncheckedIOException", False, "UncheckedIOException", "(IOException)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
|
||||
- ["java.io", "Writer", True, "write", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- addsTo:
|
||||
@@ -98,16 +100,15 @@ extensions:
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.io", "Closeable", "close", "()", "manual"]
|
||||
- ["java.io", "DataOutput", "writeBoolean", "(boolean)", "manual"]
|
||||
- ["java.io", "File", "delete", "()", "manual"]
|
||||
- ["java.io", "File", "exists", "()", "manual"]
|
||||
- ["java.io", "File", "getParentFile", "()", "manual"] # ! little unsure about this as a neutral
|
||||
- ["java.io", "File", "isFile", "()", "manual"]
|
||||
- ["java.io", "File", "length", "()", "manual"]
|
||||
- ["java.io", "File", "listFiles", "()", "manual"] # ! little unsure about this as a neutral
|
||||
- ["java.io", "File", "isDirectory", "()", "manual"]
|
||||
- ["java.io", "File", "mkdirs", "()", "manual"]
|
||||
- ["java.io", "InputStream", "close", "()", "manual"]
|
||||
- ["java.io", "OutputStream", "flush", "()", "manual"] # ! little unsure about this as a neutral, but not sure how to represent output if summary model...
|
||||
- ["java.io", "OutputStream", "flush", "()", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
|
||||
@@ -108,30 +108,33 @@ extensions:
|
||||
- ["java.lang", "String", False, "valueOf", "(char)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "valueOf", "(char[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "String", False, "valueOf", "(char[],int,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
# ! why do below have subtype=True for constructors?
|
||||
- ["java.lang", "StringBuffer", True, "StringBuffer", "(CharSequence)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
|
||||
- ["java.lang", "StringBuilder", False, "delete", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
|
||||
- ["java.lang", "System", False, "getenv", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # ! neutral instead?
|
||||
- ["java.lang", "System", False, "getenv", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! really unsure about this...; neutral instead? -- or unmodelled
|
||||
- ["java.lang", "Thread", False, "Thread", "(Runnable)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # ! neutral instead?
|
||||
- ["java.lang", "Thread", False, "Thread", "(Runnable)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
|
||||
- ["java.lang", "Thread", False, "Thread", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Thread.name]", "value", "manual"]
|
||||
- ["java.lang", "Thread", True, "getName", "()", "", "Argument[-1].SyntheticField[java.lang.Thread.name]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "ThreadLocal", True, "get", "()", "", "Argument[-1].SyntheticField[java.lang.ThreadLocal.value]", "ReturnValue", "value", "manual"] # ! not sure if this model is correct, and if should be neutral model instead
|
||||
- ["java.lang", "ThreadLocal", True, "get", "()", "", "Argument[-1].SyntheticField[java.lang.ThreadLocal.value]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "ThreadLocal", True, "set", "(Object)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.ThreadLocal.value]", "value", "manual"]
|
||||
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
|
||||
- ["java.lang", "Throwable", False, "Throwable", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "value", "manual"]
|
||||
- ["java.lang", "Throwable", True, "getCause", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "Throwable", True, "getMessage", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "Throwable", True, "getLocalizedMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"] # ! should the field used be different?
|
||||
- ["java.lang", "Throwable", True, "toString", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "taint", "manual"] # ! little unsure about this one...
|
||||
- ["java.lang", "Throwable", True, "getLocalizedMessage", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
|
||||
- ["java.lang", "Throwable", True, "toString", "()", "", "Argument[-1].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "taint", "manual"] # ! watch for FPs
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.lang", "AbstractStringBuilder", "length", "()", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setCharAt", "(int,char)", "manual"] # ! char manipulation not interesting? (or interesting since could set many chars... prbly switch to summary model)
|
||||
- ["java.lang", "AbstractStringBuilder", "setLength", "(int)", "manual"] # ! summary?
|
||||
- ["java.lang", "AbstractStringBuilder", "setCharAt", "(int,char)", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setLength", "(int)", "manual"]
|
||||
- ["java.lang", "Boolean", "booleanValue", "()", "manual"]
|
||||
- ["java.lang", "Boolean", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Boolean", "parseBoolean", "(String)", "manual"]
|
||||
- ["java.lang", "Boolean", "valueOf", "(boolean)", "manual"]
|
||||
- ["java.lang", "CharSequence", "length", "()", "manual"]
|
||||
- ["java.lang", "Class", "forName", "(String)", "manual"]
|
||||
@@ -179,18 +182,17 @@ extensions:
|
||||
- ["java.lang", "String", "valueOf", "(boolean)", "manual"]
|
||||
- ["java.lang", "System", "currentTimeMillis", "()", "manual"]
|
||||
- ["java.lang", "System", "exit", "(int)", "manual"]
|
||||
- ["java.lang", "System", "getenv", "(String)", "manual"]
|
||||
- ["java.lang", "System", "identityHashCode", "(Object)", "manual"]
|
||||
- ["java.lang", "System", "lineSeparator", "()", "manual"] # ! double-check...
|
||||
- ["java.lang", "System", "lineSeparator", "()", "manual"]
|
||||
- ["java.lang", "System", "nanoTime", "()", "manual"]
|
||||
- ["java.lang", "Thread", "currentThread", "()", "manual"]
|
||||
- ["java.lang", "Thread", "getContextClassLoader", "()", "manual"] # ! summary instead?
|
||||
- ["java.lang", "Thread", "getContextClassLoader", "()", "manual"]
|
||||
- ["java.lang", "Thread", "interrupt", "()", "manual"]
|
||||
- ["java.lang", "Thread", "sleep", "(long)", "manual"]
|
||||
- ["java.lang", "Thread", "start", "()", "manual"]
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.lang", "Boolean", "booleanValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Boolean", "parseBoolean", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "doubleToLongBits", "(double)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "parseDouble", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "valueOf", "(double)", "manual"] # taint-numeric
|
||||
@@ -198,23 +200,17 @@ extensions:
|
||||
- ["java.lang", "Integer", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "parseInt", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toHexString", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toString", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toString", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "valueOf", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "valueOf", "(String)", "manual"] # taint-numeric # ! should probably make this and others like it have a "" signature instead...
|
||||
- ["java.lang", "Integer", "toString", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "Long", "(long)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "longValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "parseLong", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "toString", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "toString", "(long)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "valueOf", "(long)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "valueOf", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Math", "max", "(int,int)", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "max", "(long,long)", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "min", "(int,int)", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "min", "(long,long)", "manual"] # value-numeric
|
||||
- ["java.lang", "Number", "doubleValue", "()", "manual"] # taint-numeric # ! remove others that could rely on subtyping through Number instead? (e.g. Double, Integer, etc.)
|
||||
- ["java.lang", "Long", "toString", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Math", "max", "", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "min", "", "manual"] # value-numeric
|
||||
- ["java.lang", "Number", "doubleValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "longValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "String", "valueOf", "(int)", "manual"] # taint-numeric
|
||||
|
||||
@@ -1,14 +1,9 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.lang.reflect", "Constructor", False, "newInstance", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Parameter", "value", "manual"] # ! unsure about input/output
|
||||
- ["java.lang.reflect", "Field", False, "get", "(Object)", "", "Argument[0].Field", "ReturnValue", "value", "manual"] # ! very unsure about
|
||||
- ["java.lang.reflect", "Method", False, "invoke", "(Object,Object[])", "", "Argument[1].ArrayElement", "Argument[-1].Parameter[0]", "value", "manual"] # ! very unsure if this model is correct...
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.lang.reflect", "Method", "getName", "()", "manual"] # ! seems uninteresting flow to me, but maybe double-check
|
||||
- ["java.lang.reflect", "Constructor", "newInstance", "(Object[])", "manual"]
|
||||
- ["java.lang.reflect", "Field", "get", "(Object)", "manual"]
|
||||
- ["java.lang.reflect", "Method", "getName", "()", "manual"]
|
||||
- ["java.lang.reflect", "Method", "invoke", "(Object,Object[])", "manual"]
|
||||
|
||||
@@ -7,8 +7,7 @@ extensions:
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.math", "BigDecimal", "BigDecimal", "(int)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "BigDecimal", "(String)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "BigDecimal", "", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "add", "(BigDecimal)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "doubleValue", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "intValue", "()", "manual"] # taint-numeric
|
||||
@@ -17,8 +16,7 @@ extensions:
|
||||
- ["java.math", "BigDecimal", "subtract", "(BigDecimal)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toBigInteger", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toString", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "valueOf", "(double)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "valueOf", "(long)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "BigInteger", "(String)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "or", "(BigInteger)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "valueOf", "(long)", "manual"] # taint-numeric
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.nio.charset", "Charset", False, "name", "()", "", "Argument[-1].SyntheticField[java.nio.charset.Charset.canonicalName]", "ReturnValue", "value", "manual"]
|
||||
- ["java.nio.charset", "Charset", "name", "()", "manual"]
|
||||
|
||||
@@ -44,9 +44,8 @@ extensions:
|
||||
- ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
|
||||
- ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
# ! should Path have subtyping of False for all methods instead? Why is `toFile` different?
|
||||
- ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.nio.file", "Path", False, "getFileName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! maybe need more field flow?
|
||||
- ["java.nio.file", "Path", True, "getFileName", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
|
||||
- ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
|
||||
- ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
|
||||
|
||||
@@ -11,6 +11,6 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.nio", "Buffer", "position", "()", "manual"] # ! maybe should be summary?
|
||||
- ["java.nio", "Buffer", "position", "()", "manual"]
|
||||
- ["java.nio", "Buffer", "remaining", "()", "manual"]
|
||||
- ["java.nio", "ByteBuffer", "allocate", "(int)", "manual"]
|
||||
|
||||
@@ -21,10 +21,8 @@ extensions:
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.sql", "Connection", True, "nativeSQL", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.sql", "PreparedStatement", True, "executeQuery", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! this should maybe be a neutral model, not sure if this really counts as "flow through"...
|
||||
- ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[this]", "value", "manual"]
|
||||
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.sql", "ResultSet", True, "getTimestamp", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
@@ -32,7 +30,10 @@ extensions:
|
||||
data:
|
||||
- ["java.sql", "Connection", "createStatement", "()", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeUpdate", "()", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeQuery", "()", "manual"]
|
||||
- ["java.sql", "ResultSet", "next", "()", "manual"]
|
||||
- ["java.sql", "Statement", "close", "()", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "manual"] # value-numeric
|
||||
@@ -41,5 +42,6 @@ extensions:
|
||||
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "Timestamp", "(long)", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "getTime", "()", "manual"] # taint-numeric
|
||||
|
||||
@@ -3,10 +3,9 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.text", "DateFormat", True, "parse", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! maybe not interesting flow and should be neutral model?
|
||||
- ["java.text", "Format", True, "format", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! would cover DateFormat.format below through subtyping...
|
||||
- ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! not sure I did this right
|
||||
- ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # ! not sure I did this right
|
||||
- ["java.text", "Format", True, "format", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
@@ -15,4 +14,5 @@ extensions:
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.text", "DateFormat", "format", "(Date)", "manual"] # taint-numeric
|
||||
- ["java.text", "DateFormat", "parse", "(String)", "manual"] # taint-numeric
|
||||
- ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"] # taint-numeric
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.time.chrono", "ChronoZonedDateTime", False, "toInstant", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! neutral?
|
||||
- ["java.time.chrono", "ChronoZonedDateTime", "toInstant", "()", "manual"]
|
||||
|
||||
@@ -1,7 +1,7 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.time.format", "DateTimeFormatter", False, "format", "(TemporalAccessor)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! neutral?
|
||||
- ["java.time.format", "DateTimeFormatter", False, "ofPattern", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! neutral?
|
||||
- ["java.time.format", "DateTimeFormatter", "format", "(TemporalAccessor)", "manual"]
|
||||
- ["java.time.format", "DateTimeFormatter", "ofPattern", "(String)", "manual"]
|
||||
|
||||
@@ -1,12 +1,4 @@
|
||||
extensions:
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.time", "Duration", False, "ofSeconds", "(long)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! maybe not interesting flow and should be neutral model?
|
||||
- ["java.time", "Instant", False, "parse", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! mmaybe should be neutral since time-related?
|
||||
- ["java.time", "LocalDate", False, "parse", "(CharSequence)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
|
||||
- addsTo:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
@@ -22,9 +14,12 @@ extensions:
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.time", "Duration", "ofMillis", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofMinutes", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofSeconds", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "toMillis", "()", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "ofEpochMilli", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "parse", "(CharSequence)", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "toEpochMilli", "()", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "plusDays", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "of", "(int,int,int)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "parse", "(CharSequence)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDateTime", "of", "(int,int,int,int,int,int)", "manual"] # taint-numeric
|
||||
|
||||
@@ -21,7 +21,7 @@ extensions:
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "AtomicInteger", "(int)", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "get", "()", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "incrementAndGet", "()", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "AtomicLong", "(long)", "manual"] # value-numeric # ! this is supposedly already supported per the telemetry query, LOOK INTO WHY/HOW
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "AtomicLong", "(long)", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "addAndGet", "(long)", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "get", "()", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "incrementAndGet", "()", "manual"] # taint-numeric
|
||||
|
||||
@@ -17,14 +17,13 @@ extensions:
|
||||
- ["java.util.concurrent", "BlockingQueue", True, "poll", "(long,TimeUnit)", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
|
||||
- ["java.util.concurrent", "BlockingQueue", True, "put", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util.concurrent", "BlockingQueue", True, "take", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "complete", "(Object)", "", "Argument[0]", "Argument[-1].SyntheticField[java.util.concurrent.CompletableFuture.value]", "value", "manual"] # ! not sure about CompleteableFuture ones
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "completedFuture", "(Object)", "", "Argument[0]", "ReturnValue.SyntheticField[java.util.concurrent.CompletableFuture.value]", "value", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "get", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.CompletableFuture.value]", "ReturnValue", "value", "manual"] # ! not sure if using SyntheticField is correct here; also, should prbly remove this for `Future.get` below's subtyping to handle.
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "join", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.CompletableFuture.value]", "ReturnValue", "value", "manual"] # ! not sure if using SyntheticField is correct here
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "complete", "(Object)", "", "Argument[0]", "Argument[-1].SyntheticField[java.util.concurrent.Future.value]", "value", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "completedFuture", "(Object)", "", "Argument[0]", "ReturnValue.SyntheticField[java.util.concurrent.Future.value]", "value", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", False, "join", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.Future.value]", "ReturnValue", "value", "manual"]
|
||||
- ["java.util.concurrent", "CompletionStage", False, "toCompletableFuture", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.util.concurrent", "ConcurrentHashMap", True, "elements", "()", "", "Argument[this].MapValue", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util.concurrent", "ExecutorService", True, "submit", "(Runnable)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.util.concurrent", "Future", True, "get", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.Future.value]", "ReturnValue", "value", "manual"] # ! not sure if using SyntheticField is correct here
|
||||
- ["java.util.concurrent", "Future", True, "get", "()", "", "Argument[-1].SyntheticField[java.util.concurrent.Future.value]", "ReturnValue", "value", "manual"]
|
||||
- ["java.util.concurrent", "TransferQueue", True, "transfer", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util.concurrent", "TransferQueue", True, "tryTransfer", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util.concurrent", "TransferQueue", True, "tryTransfer", "(Object,long,TimeUnit)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
@@ -33,10 +32,9 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.concurrent", "CompletableFuture", "completeExceptionally", "(Throwable)", "manual"] # ! summary?
|
||||
- ["java.util.concurrent", "CompletableFuture", "completeExceptionally", "(Throwable)", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", "isDone", "()", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "await", "()", "manual"] # ! combine with below, "" as signature
|
||||
- ["java.util.concurrent", "CountDownLatch", "await", "(long,TimeUnit)", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "await", "", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "countDown", "()", "manual"]
|
||||
- ["java.util.concurrent", "Executor", "execute", "(Runnable)", "manual"]
|
||||
- ["java.util.concurrent", "ExecutorService", "shutdown", "()", "manual"]
|
||||
|
||||
@@ -9,6 +9,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.function", "BiConsumer", "accept", "(Object,Object)", "manual"] # ! remove this model?
|
||||
- ["java.util.function", "BiFunction", "apply", "(Object,Object)", "manual"] # ! remove this model?
|
||||
- ["java.util.function", "Function", "identity", "()", "manual"] # ! remove this model?
|
||||
- ["java.util.function", "Function", "identity", "()", "manual"]
|
||||
|
||||
@@ -41,7 +41,8 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: summaryModel
|
||||
data:
|
||||
- ["java.util.logging", "Logger", False, "getLogger", "(String)", "", "Argument[0]", "ReturnValue.SyntheticField[java.util.logging.Logger.name]", "value", "manual"] # ! not sure if using SyntheticField here is correct...
|
||||
- ["java.util.logging", "Logger", False, "getLogger", "(String)", "", "Argument[0]", "ReturnValue.SyntheticField[java.util.logging.Logger.name]", "value", "manual"]
|
||||
- ["java.util.logging", "Logger", False, "getName", "()", "", "Argument[-1].SyntheticField[java.util.logging.Logger.name]", "ReturnValue", "value", "manual"]
|
||||
- ["java.util.logging", "LogRecord", False, "LogRecord", "", "", "Argument[1]", "Argument[this]", "taint", "manual"]
|
||||
|
||||
- addsTo:
|
||||
|
||||
@@ -124,7 +124,8 @@ extensions:
|
||||
- ["java.util", "EnumMap", False, "EnumMap", "(Map)", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]
|
||||
- ["java.util", "Enumeration", True, "asIterator", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util", "Enumeration", True, "nextElement", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
|
||||
- ["java.util", "EventObject", True, "getSource", "()", "", "Argument[-1].Field[java.util.EventObject.source]", "ReturnValue", "value", "manual"] # ! double-check
|
||||
- ["java.util", "EventObject", False, "EventObject", "(Object)", "", "Argument[0]", "Argument[-1].Field[java.util.EventObject.source]", "value", "manual"]
|
||||
- ["java.util", "EventObject", True, "getSource", "()", "", "Argument[-1].Field[java.util.EventObject.source]", "ReturnValue", "value", "manual"]
|
||||
- ["java.util", "HashMap", False, "HashMap", "(Map)", "", "Argument[0].MapKey", "Argument[this].MapKey", "value", "manual"]
|
||||
- ["java.util", "HashMap", False, "HashMap", "(Map)", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]
|
||||
- ["java.util", "HashSet", False, "HashSet", "(Collection)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
|
||||
@@ -161,7 +162,6 @@ extensions:
|
||||
- ["java.util", "ListIterator", True, "add", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "ListIterator", True, "previous", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
|
||||
- ["java.util", "ListIterator", True, "set", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "Locale", False, "forLanguageTag", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! neutral?
|
||||
- ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
|
||||
- ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[1].ReturnValue", "Argument[this].MapValue", "value", "manual"]
|
||||
- ["java.util", "Map", True, "computeIfAbsent", "", "", "Argument[1].ReturnValue", "ReturnValue", "value", "manual"]
|
||||
@@ -178,7 +178,6 @@ extensions:
|
||||
- ["java.util", "Map", True, "getOrDefault", "", "", "Argument[1]", "ReturnValue", "value", "manual"]
|
||||
- ["java.util", "Map", True, "keySet", "()", "", "Argument[this].MapKey", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util", "Map", True, "merge", "(Object,Object,BiFunction)", "", "Argument[1]", "Argument[this].MapValue", "value", "manual"]
|
||||
# ! difference between formatting of below versus `List.of` above?
|
||||
- ["java.util", "Map", False, "of", "", "", "Argument[0]", "ReturnValue.MapKey", "value", "manual"]
|
||||
- ["java.util", "Map", False, "of", "", "", "Argument[10]", "ReturnValue.MapKey", "value", "manual"]
|
||||
- ["java.util", "Map", False, "of", "", "", "Argument[11]", "ReturnValue.MapValue", "value", "manual"]
|
||||
@@ -350,7 +349,6 @@ extensions:
|
||||
- ["java.util", "TreeMap", False, "TreeMap", "(SortedMap)", "", "Argument[0].MapValue", "Argument[this].MapValue", "value", "manual"]
|
||||
- ["java.util", "TreeSet", False, "TreeSet", "(Collection)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "TreeSet", False, "TreeSet", "(SortedSet)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "UUID", False, "fromString", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
|
||||
- ["java.util", "Vector", False, "Vector", "(Collection)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "Vector", True, "addElement", "(Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
|
||||
- ["java.util", "Vector", True, "copyInto", "(Object[])", "", "Argument[this].Element", "Argument[0].ArrayElement", "value", "manual"]
|
||||
@@ -370,34 +368,30 @@ extensions:
|
||||
- ["java.util", "ArrayList", "ArrayList", "(int)", "manual"]
|
||||
- ["java.util", "ArrayList", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "ArrayList", "size", "()", "manual"]
|
||||
- ["java.util", "Arrays", "toString", "(Object[])", "manual"] # ! should this have a summary model after all? (or unwanted model due to too much FP flow?)
|
||||
- ["java.util", "Arrays", "toString", "(Object[])", "manual"]
|
||||
- ["java.util", "Calendar", "getInstance", "()", "manual"]
|
||||
- ["java.util", "Collection", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "Collection", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Collection", "removeIf", "(Predicate)", "manual"] # ! WithoutElement comment? (double-check if it returns anything, etc.)
|
||||
- ["java.util", "Collection", "size", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptyList", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptyMap", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptySet", "()", "manual"]
|
||||
- ["java.util", "Collections", "sort", "(List)", "manual"] # ! summary model instead?
|
||||
- ["java.util", "Collections", "sort", "(List,Comparator)", "manual"] # ! summary model instead?
|
||||
- ["java.util", "Comparator", "comparing", "(Function)", "manual"] # ! seems complex (functional interface), should maybe not have any model?
|
||||
- ["java.util", "Collections", "sort", "", "manual"]
|
||||
- ["java.util", "Enumeration", "hasMoreElements", "()", "manual"]
|
||||
- ["java.util", "HashMap", "containsKey", "(Object)", "manual"]
|
||||
- ["java.util", "HashMap", "HashMap", "(int)", "manual"]
|
||||
- ["java.util", "HashMap", "size", "()", "manual"]
|
||||
- ["java.util", "HashSet", "HashSet", "(int)", "manual"]
|
||||
- ["java.util", "Iterator", "hasNext", "()", "manual"]
|
||||
- ["java.util", "Iterator", "remove", "()", "manual"] # ! WithoutElement comment? (double-check if it returns anything, etc.)
|
||||
- ["java.util", "List", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "List", "equals", "(Object)", "manual"]
|
||||
- ["java.util", "List", "hashCode", "()", "manual"]
|
||||
- ["java.util", "List", "indexOf", "(Object)", "manual"]
|
||||
- ["java.util", "List", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "List", "of", "()", "manual"]
|
||||
- ["java.util", "List", "sort", "(Comparator)", "manual"] # ! summary model instead?
|
||||
- ["java.util", "List", "remove", "(Object)", "manual"] # ! WithoutElement comment? (actually, see above, is this already modeled for a different signature?)
|
||||
- ["java.util", "List", "sort", "(Comparator)", "manual"]
|
||||
- ["java.util", "List", "size", "()", "manual"]
|
||||
- ["java.util", "Locale", "forLanguageTag", "(String)", "manual"]
|
||||
- ["java.util", "Map", "containsKey", "(Object)", "manual"]
|
||||
- ["java.util", "Map", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Map", "size", "()", "manual"]
|
||||
@@ -412,10 +406,9 @@ extensions:
|
||||
- ["java.util", "Random", "nextInt", "(int)", "manual"]
|
||||
- ["java.util", "Set", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "Set", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Set", "remove", "(Object)", "manual"] # ! WithoutElement comment? (double-check if it returns anything, etc.)
|
||||
- ["java.util", "Set", "removeAll", "(Collection)", "manual"] # ! WithoutElement comment? (double-check if it returns anything, etc.)
|
||||
- ["java.util", "Set", "size", "()", "manual"]
|
||||
- ["java.util", "UUID", "equals", "(Object)", "manual"]
|
||||
- ["java.util", "UUID", "fromString", "(String)", "manual"]
|
||||
- ["java.util", "UUID", "randomUUID", "()", "manual"]
|
||||
- ["java.util", "UUID", "toString", "()", "manual"]
|
||||
- ["java.util", "TimeZone", "getTimeZone", "(String)", "manual"]
|
||||
@@ -423,9 +416,14 @@ extensions:
|
||||
|
||||
# The below APIs are currently being stored as neutral models since `WithoutElement` has not yet been implemented for Java.
|
||||
# When `WithoutElement` is implemented, these should be changed to summary models of the form `Argument[this].WithoutElement -> Argument[this]`.
|
||||
- ["java.util", "Collection", "removeIf", "(Predicate)", "manual"]
|
||||
- ["java.util", "Iterator", "remove", "()", "manual"]
|
||||
- ["java.util", "List", "clear", "()", "manual"]
|
||||
- ["java.util", "List", "remove", "(Object)", "manual"]
|
||||
- ["java.util", "Map", "clear", "()", "manual"]
|
||||
- ["java.util", "Set", "clear", "()", "manual"]
|
||||
- ["java.util", "Set", "remove", "(Object)", "manual"]
|
||||
- ["java.util", "Set", "removeAll", "(Collection)", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
|
||||
@@ -9,8 +9,7 @@ extensions:
|
||||
- ["java.util.stream", "BaseStream", True, "sequential", "()", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util.stream", "BaseStream", True, "spliterator", "()", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util.stream", "BaseStream", True, "unordered", "()", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
|
||||
- ["java.util.stream", "IntStream", False, "range", "(int,int)", "", "Argument[0..1]", "ReturnValue.Element", "value", "manual"] # ! this one is a bit odd, is it correct to have it as a summary model?; not interesting because Int stream?=neutral?
|
||||
- ["java.util.stream", "Stream", True, "allMatch", "(Predicate)", "", "Argument[this].Element", "Argument[0].Parameter[0]", "value", "manual"] # ! neutral instead?
|
||||
- ["java.util.stream", "Stream", True, "allMatch", "(Predicate)", "", "Argument[this].Element", "Argument[0].Parameter[0]", "value", "manual"]
|
||||
- ["java.util.stream", "Stream", True, "anyMatch", "(Predicate)", "", "Argument[this].Element", "Argument[0].Parameter[0]", "value", "manual"]
|
||||
- ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[this].Element", "Argument[1].Parameter[1]", "value", "manual"]
|
||||
- ["java.util.stream", "Stream", True, "collect", "(Supplier,BiConsumer,BiConsumer)", "", "Argument[0].ReturnValue", "Argument[1].Parameter[0]", "value", "manual"]
|
||||
@@ -95,5 +94,9 @@ extensions:
|
||||
data:
|
||||
- ["java.util.stream", "Collectors", "toList", "()", "manual"]
|
||||
- ["java.util.stream", "Collectors", "toSet", "()", "manual"]
|
||||
- ["java.util.stream", "IntStream", "mapToObj", "(IntFunction)", "manual"]
|
||||
- ["java.util.stream", "Stream", "count", "()", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.util.stream", "IntStream", "mapToObj", "(IntFunction)", "manual"] # taint-numeric
|
||||
- ["java.util.stream", "IntStream", "range", "(int,int)", "manual"] # taint-numeric
|
||||
|
||||
@@ -1,14 +1,24 @@
|
||||
import java.io.IOException;
|
||||
import java.io.File;
|
||||
import java.awt.*;
|
||||
import java.io.*;
|
||||
import java.math.BigDecimal;
|
||||
import java.net.URL;
|
||||
import java.nio.file.Path;
|
||||
import java.sql.Connection;
|
||||
import java.sql.DriverManager;
|
||||
import java.sql.PreparedStatement;
|
||||
import java.sql.ResultSet;
|
||||
import java.text.Format;
|
||||
import java.text.MessageFormat;
|
||||
import java.util.EventObject;
|
||||
import java.util.Locale;
|
||||
import java.util.ResourceBundle;
|
||||
import java.util.StringJoiner;
|
||||
import java.util.concurrent.*;
|
||||
import java.util.concurrent.atomic.AtomicReference;
|
||||
import java.util.function.Function;
|
||||
import java.util.function.Supplier;
|
||||
import java.util.logging.Logger;
|
||||
import java.util.regex.Pattern;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
public class Test {
|
||||
@@ -81,5 +91,115 @@ public class Test {
|
||||
StringJoiner sj2 = (StringJoiner)source();
|
||||
sink(sj2.add("test")); // $hasTaintFlow
|
||||
}
|
||||
|
||||
// top 300-500 JDK APIs tests
|
||||
{
|
||||
|
||||
// java.awt
|
||||
Container container = new Container();
|
||||
sink(container.add((Component)source())); // $hasValueFlow
|
||||
|
||||
// java.io
|
||||
File f1 = (File)source();
|
||||
sink(f1.getParentFile()); // $hasTaintFlow
|
||||
|
||||
File f2 = (File)source();
|
||||
sink(f2.getPath()); // $hasTaintFlow
|
||||
|
||||
File f3 = (File)source();
|
||||
sink(f3.listFiles()); // $hasTaintFlow
|
||||
|
||||
FileInputStream fis = new FileInputStream((File)source());
|
||||
sink(fis); // $hasTaintFlow
|
||||
|
||||
StringWriter sw = (StringWriter)source();
|
||||
sink(sw.toString()); // $hasTaintFlow
|
||||
|
||||
Exception e = new UncheckedIOException((IOException)source());
|
||||
sink((Throwable)e.getCause()); // $hasValueFlow
|
||||
|
||||
// java.net
|
||||
URL url = (URL)source();
|
||||
sink(url.toURI()); // $hasTaintFlow
|
||||
|
||||
// java.nio.file
|
||||
Path p = (Path)source();
|
||||
sink(p.getFileName()); // $hasTaintFlow
|
||||
|
||||
// java.util.concurrent.atomic
|
||||
AtomicReference ar = new AtomicReference();
|
||||
ar.set(source());
|
||||
sink(ar.get()); // $hasValueFlow
|
||||
|
||||
// java.util.concurrent
|
||||
// `ThreadPoolExecutor` implements the `java.util.concurrent.ExecutorService` interface
|
||||
ThreadPoolExecutor tpe = new ThreadPoolExecutor(0, 0, 0, null, null);
|
||||
sink(tpe.submit((Runnable)source())); // $hasTaintFlow
|
||||
|
||||
CompletionStage cs = (CompletionStage)source();
|
||||
sink(cs.toCompletableFuture()); // $hasTaintFlow
|
||||
|
||||
CompletableFuture cf1 = new CompletableFuture();
|
||||
cf1.complete(source());
|
||||
sink(cf1.get()); // $hasValueFlow
|
||||
sink(cf1.join()); // $hasValueFlow
|
||||
|
||||
CompletableFuture cf2 = CompletableFuture.completedFuture(source());
|
||||
sink(cf2.get()); // $hasValueFlow
|
||||
sink(cf2.join()); // $hasValueFlow
|
||||
|
||||
// java.util.logging
|
||||
Logger logger = Logger.getLogger((String)source());
|
||||
sink(logger.getName()); // $hasValueFlow
|
||||
|
||||
// java.util.regex
|
||||
Pattern pattern = Pattern.compile((String)source());
|
||||
sink(pattern); // $hasTaintFlow
|
||||
|
||||
// java.util
|
||||
EventObject eventObj = new EventObject(source());
|
||||
sink(eventObj.getSource()); // $hasValueFlow
|
||||
|
||||
// java.text
|
||||
Format mf1 = new MessageFormat("test");
|
||||
sink(mf1.format(source())); // $hasTaintFlow
|
||||
|
||||
String mf2 = MessageFormat.format((String)source(), null);
|
||||
sink(mf2); // $hasTaintFlow
|
||||
|
||||
String mf3 = MessageFormat.format("test", source());
|
||||
sink(mf3); // $hasTaintFlow
|
||||
|
||||
// java.lang
|
||||
AssertionError assertErr = new AssertionError(source());
|
||||
sink((String)assertErr.getMessage()); // $hasValueFlow
|
||||
|
||||
sink(Test.class.cast(source())); // $hasTaintFlow
|
||||
|
||||
Exception excep1 = new Exception((String)source(), (Throwable)source());
|
||||
sink((String)excep1.getMessage()); // $hasValueFlow
|
||||
sink((Throwable)excep1.getCause()); // $hasValueFlow
|
||||
|
||||
Exception excep2 = new NullPointerException((String)source());
|
||||
sink((String)excep2.getMessage()); // $hasValueFlow
|
||||
|
||||
StringBuilder sb = (StringBuilder)source();
|
||||
sink(sb.delete(0, 1)); // $hasTaintFlow
|
||||
|
||||
Thread thread1 = new Thread((Runnable)source());
|
||||
sink(thread1); // $hasTaintFlow
|
||||
|
||||
Thread thread2 = new Thread((String)source());
|
||||
sink(thread2.getName()); // $hasValueFlow
|
||||
|
||||
ThreadLocal threadloc = new ThreadLocal();
|
||||
threadloc.set(source());
|
||||
sink(threadloc.get()); // $hasValueFlow
|
||||
|
||||
Throwable th = new Throwable((String)source());
|
||||
sink((String)th.getLocalizedMessage()); // $hasValueFlow
|
||||
sink(th.toString()); // $hasTaintFlow
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -273,7 +273,8 @@ predicate topJdkApiName(string apiName) {
|
||||
"java.lang.Number#intValue()", "java.io.File#length()",
|
||||
"java.lang.AbstractStringBuilder#setCharAt(int,char)", "java.util.Set#removeAll(Collection)",
|
||||
"java.io.File#listFiles()", "java.lang.ClassLoader#getResourceAsStream(String)",
|
||||
"java.util.Date#toInstant()", "java.util.Queue#add(Object)", "java.io.File#isFile()"
|
||||
"java.util.Date#toInstant()", "java.util.Queue#add(Object)", "java.io.File#isFile()",
|
||||
"java.sql.Statement#close()", "java.io.DataOutput#writeBoolean(boolean)"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -309,6 +310,9 @@ class TopJdkApi extends SummarizedCallableBase {
|
||||
* `java.lang.System#getProperty(String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
|
||||
* `java.lang.System#setProperty(String,String)`: needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
|
||||
* `java.lang.Throwable#printStackTrace()`: should probably not be a general step, but there might be specialised queries that care
|
||||
* `java.util.Comparator#comparing(Function)`: lambda flow
|
||||
* `java.util.function.BiConsumer#accept(Object,Object)`: specialized lambda flow
|
||||
* `java.util.function.BiFunction#apply(Object,Object)`: specialized lambda flow
|
||||
* `java.util.function.Consumer#accept(Object)`: specialized lambda flow
|
||||
* `java.util.function.Function#apply(Object)`: specialized lambda flow
|
||||
* `java.util.function.Supplier#get()`: lambda flow
|
||||
|
||||
@@ -2,6 +2,9 @@
|
||||
| java.lang.System#getProperty(String) | no manual model |
|
||||
| java.lang.System#setProperty(String,String) | no manual model |
|
||||
| java.lang.Throwable#printStackTrace() | no manual model |
|
||||
| java.util.Comparator#comparing(Function) | no manual model |
|
||||
| java.util.function.BiConsumer#accept(Object,Object) | no manual model |
|
||||
| java.util.function.BiFunction#apply(Object,Object) | no manual model |
|
||||
| java.util.function.Consumer#accept(Object) | no manual model |
|
||||
| java.util.function.Function#apply(Object) | no manual model |
|
||||
| java.util.function.Supplier#get() | no manual model |
|
||||
|
||||
Reference in New Issue
Block a user