hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Java: add summary model and test for File.getName

Browse Source
This commit is contained in:
Jami Cogswell
2023-01-03 13:12:24 -05:00
parent 939279af38
commit 21a018e5c5
2 changed files with 5 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/lib/ext/java.io.model.yml
View File

@@ -63,6 +63,7 @@ extensions:
- ["java.io", "File", True, "getAbsolutePath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "getCanonicalFile", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "getCanonicalPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "getName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "toPath", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- ["java.io", "File", True, "toURI", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
@@ -91,4 +92,3 @@ extensions:
extensible: neutralModel
data:
- ["java.io", "File", "exists", "()", "manual"]
- ["java.io", "File", "getName", "()", "manual"] # ! unsure if should be neutral model

4
java/ql/test/ext/TestModels/Test.java
View File

@@ -1,4 +1,5 @@
import java.io.IOException;
import java.io.File;
import java.math.BigDecimal;
import java.sql.Connection;
import java.sql.DriverManager;
@@ -60,6 +61,9 @@ public class Test {
Exception e1 = new IOException((String)source());
sink((String)e1.getMessage()); // $hasValueFlow
File f = (File)source();
sink(f.getName()); // $hasTaintFlow
// java.lang
Exception e2 = new Exception((String)source());
sink((String)e2.getMessage()); // $hasValueFlow