Java: resolve more conflicts

Jami Cogswell
2023-03-23 18:00:14 -04:00
parent 275634e907
commit 17e0920325
22 changed files with 214 additions and 102 deletions


@@ -21,10 +21,8 @@ extensions:
extensible: summaryModel
data:
- ["java.sql", "Connection", True, "nativeSQL", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.sql", "PreparedStatement", True, "executeQuery", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! this should maybe be a neutral model, not sure if this really counts as "flow through"...
- ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[this]", "value", "manual"]
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.sql", "ResultSet", True, "getTimestamp", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/java-all
@@ -32,7 +30,10 @@ extensions:
data:
- ["java.sql", "Connection", "createStatement", "()", "manual"]
- ["java.sql", "PreparedStatement", "executeUpdate", "()", "manual"]
- ["java.sql", "PreparedStatement", "executeQuery", "()", "manual"]
- ["java.sql", "ResultSet", "next", "()", "manual"]
- ["java.sql", "Statement", "close", "()", "manual"]
# The below APIs have numeric flow and are currently being stored as neutral models.
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "manual"] # value-numeric
@@ -41,5 +42,6 @@ extensions:
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "Timestamp", "(long)", "manual"] # taint-numeric
- ["java.sql", "Timestamp", "getTime", "()", "manual"] # taint-numeric
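Review bot: `ResultSet.getString(int)` in the last hunk is a neutral model tagged `# taint-numeric`, but it returns a `String`, and the `getString(String)` overload in the first hunk is modelled as a taint summary from `Argument[this]` to `ReturnValue`. If that summary row is still on the new side (the +/- markers are lost on this page, so this is inferred), a value read by column index would carry no taint while the same value read by column name does. That is a likely false-negative gap for queries that follow database-derived data into a sink. I would model the index overload like its sibling, `- ["java.sql", "ResultSet", True, "getString", "(int)", "", "Argument[this]", "ReturnValue", "taint", "manual"]`, or, if it must stay neutral, replace the `# taint-numeric` tag with a comment that says why a String-returning getter is excluded. The neutral list continues outside the visible hunks, so other rows may need the same check.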