mirror of
https://github.com/github/codeql.git
synced 2026-04-30 03:05:15 +02:00
Add missing models and other minor improvements per Marcono1234's review
This commit is contained in:
Chris Smowton
@@ -12,6 +12,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;XMLXsiTypeConverter;true;convert;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;CDL;false;rowToJSONObject;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;CDL;false;toString;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;Cookie;false;escape;;;Argument[0];ReturnValue;taint",
|
||||
@@ -60,7 +61,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONArray;false;optNumber;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;optQuery;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;optString;;;Argument[-1];ReturnValue;taint",
|
||||
// Default values that may be returned by the `opt*` functions above:
|
||||
// Default values that may be returned by the `opt*` methods above:
|
||||
"org.json;JSONArray;false;optBigDecimal;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;optBigInteger;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;optBoolean;;;Argument[1];ReturnValue;value",
|
||||
@@ -71,6 +72,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONArray;false;optLong;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;optNumber;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;optString;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;put;(boolean);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;put;(Collection);;Element of Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;put;(double);;Argument[0];Argument[-1];taint",
|
||||
@@ -89,11 +91,13 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONArray;false;put;(int,Map);;MapKey of Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;put;(int,Map);;MapValue of Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;put;(int,Object);;Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONArray;false;putAll;(Collection);;Element of Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;putAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;putAll;(JSONArray);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;putAll;(Object);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;toJSONObject;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONArray;false;toList;;;Argument[0];Element of ReturnValue;taint",
|
||||
@@ -114,9 +118,11 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONObject;false;JSONObject;(String);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;JSONObject;(String,Locale);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;doubleToString;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;entrySet;;;Argument[-1];Element of ReturnValue;taint",
|
||||
"org.json;JSONObject;true;entrySet;;;Argument[-1];Element of ReturnValue;taint",
|
||||
"org.json;JSONObject;false;get;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;getBigDecimal;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;getBigInteger;;;Argument[-1];ReturnValue;taint",
|
||||
@@ -132,6 +138,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONObject;false;getNumber;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;getString;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;keys;;;Argument[-1];Element of ReturnValue;taint",
|
||||
"org.json;JSONObject;false;keySet;;;Argument[-1];Element of ReturnValue;taint",
|
||||
"org.json;JSONObject;false;names;;;Argument[-1];ReturnValue;taint", // Returns a JSONArray, hence this has no Element qualifier or similar
|
||||
@@ -150,7 +157,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONObject;false;optNumber;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;optQuery;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;optString;;;Argument[-1];ReturnValue;taint",
|
||||
// Default values that may be returned by the `opt*` functions above:
|
||||
// Default values that may be returned by the `opt*` methods above:
|
||||
"org.json;JSONObject;false;optBigDecimal;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;optBigInteger;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;optBoolean;;;Argument[1];ReturnValue;value",
|
||||
@@ -161,6 +168,7 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONObject;false;optLong;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;optNumber;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;optString;;;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;put;(String,boolean);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;put;(String,Collection);;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;put;(String,double);;Argument[0];Argument[-1];taint",
|
||||
@@ -178,12 +186,15 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONObject;false;put;(String,Map);;MapKey of Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;put;(String,Map);;MapValue of Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;put;(String,Object);;Argument[1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint",
|
||||
"org.json;JSONObject;false;query;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;quote;(String);;Argument[0];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;quote;(String,Writer);;Argument[0];Argument[1];taint",
|
||||
"org.json;JSONObject;false;quote;(String,Writer);;Argument[1];ReturnValue;value",
|
||||
"org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;toJSONArray;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONObject;false;toMap;;;Argument[-1];MapKey of ReturnValue;taint",
|
||||
@@ -202,14 +213,15 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONPointer$Builder;false;append;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONPointer$Builder;false;build;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONStringer;false;toString;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;nextClean;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;nextString;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;nextTo;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;nextValue;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;false;toString;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint",
|
||||
// The following model doesn't work yet due to lack of support for reverse taint flow:
|
||||
"org.json;JSONWriter;true;JSONWriter;;;Argument[-1];Argument[0];taint",
|
||||
"org.json;JSONWriter;true;key;;;Argument[0];Argument[-1];taint",
|
||||
"org.json;JSONWriter;true;value;;;Argument[0];Argument[-1];taint",
|
||||
@@ -220,14 +232,14 @@ private class FlowModels extends SummaryModelCsv {
|
||||
"org.json;JSONWriter;true;key;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONWriter;true;object;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;JSONWriter;true;value;;;Argument[-1];ReturnValue;value",
|
||||
"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
|
||||
"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
|
||||
"org.json;Property;false;toJSONObject;;;MapKey of Argument[0];ReturnValue;taint",
|
||||
"org.json;Property;false;toJSONObject;;;MapValue of Argument[0];ReturnValue;taint",
|
||||
"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
|
||||
"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
|
||||
"org.json;XML;false;escape;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;XML;false;stringToValue;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;XML;false;toJSONObject;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;XML;false;toString;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint",
|
||||
"org.json;XML;false;unescape;;;Argument[0];ReturnValue;taint",
|
||||
"org.json;XMLTokener;false;XMLTokener;;;Argument[0];Argument[-1];taint",
|
||||
"org.json;XMLTokener;false;nextCDATA;;;Argument[-1];ReturnValue;taint",
|
||||
|
||||
@@ -47,7 +47,7 @@ public class Test {
|
||||
Object source() { return null; }
|
||||
void sink(Object o) { }
|
||||
|
||||
public void test() throws Exception {
|
||||
public void test() {
|
||||
|
||||
{
|
||||
// "org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint"
|
||||
@@ -70,6 +70,13 @@ public class Test {
|
||||
out = CDL.rowToJSONObject(in, null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = CDL.rowToString(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint"
|
||||
JSONArray out = null;
|
||||
@@ -725,6 +732,118 @@ public class Test {
|
||||
out.put(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(false);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0L);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0.0f);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0.0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, false);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, 0L);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, 0.0f);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, 0.0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, 0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, (Object)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, (Map)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0, (Collection)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put(0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put((Object)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put((Map)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.put((Collection)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;putAll;(Collection);;Element of Argument[0];Argument[-1];taint"
|
||||
JSONArray out = null;
|
||||
@@ -753,6 +872,34 @@ public class Test {
|
||||
out.putAll(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.putAll((Object)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.putAll((JSONArray)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.putAll((Iterable)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value"
|
||||
JSONArray out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.putAll((Collection)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint"
|
||||
Object out = null;
|
||||
@@ -767,6 +914,13 @@ public class Test {
|
||||
out = in.query((JSONPointer)null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint"
|
||||
Object out = null;
|
||||
JSONArray in = (JSONArray)source();
|
||||
out = in.remove(0);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint"
|
||||
JSONObject out = null;
|
||||
@@ -960,6 +1114,13 @@ public class Test {
|
||||
out = new JSONObject(in, (Locale)null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.accumulate(null, null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint"
|
||||
JSONObject out = null;
|
||||
@@ -974,6 +1135,13 @@ public class Test {
|
||||
out.accumulate(null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.append(null, null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint"
|
||||
JSONObject out = null;
|
||||
@@ -1073,16 +1241,16 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;getNames;;;Argument[-1];ArrayElement of ReturnValue;taint"
|
||||
// "org.json;JSONObject;false;getNames;;;Argument[0];ArrayElement of ReturnValue;taint"
|
||||
String[] out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
Object in = (Object)source();
|
||||
out = JSONObject.getNames(in);
|
||||
sink(getArrayElement(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;getNames;;;Argument[-1];ArrayElement of ReturnValue;taint"
|
||||
// "org.json;JSONObject;false;getNames;;;Argument[0];ArrayElement of ReturnValue;taint"
|
||||
String[] out = null;
|
||||
Object in = source();
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = JSONObject.getNames(in);
|
||||
sink(getArrayElement(out)); // $ hasTaintFlow
|
||||
}
|
||||
@@ -1100,6 +1268,13 @@ public class Test {
|
||||
out = in.getString(null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.increment(null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint"
|
||||
JSONObject out = null;
|
||||
@@ -1495,6 +1670,69 @@ public class Test {
|
||||
out.put((String)null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, false);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, 0L);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, 0.0f);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, 0.0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, 0);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, (Object)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, (Map)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.put((String)null, (Collection)null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.putOnce(null, null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint"
|
||||
JSONObject out = null;
|
||||
@@ -1509,6 +1747,13 @@ public class Test {
|
||||
out.putOnce(null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value"
|
||||
JSONObject out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.putOpt(null, null);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint"
|
||||
JSONObject out = null;
|
||||
@@ -1558,6 +1803,13 @@ public class Test {
|
||||
out = JSONObject.quote(null, in);
|
||||
sink(out); // $ hasValueFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint"
|
||||
Object out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = in.remove(null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint"
|
||||
Object out = null;
|
||||
@@ -1730,84 +1982,84 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
// "org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
JSONTokener out = null;
|
||||
String in = (String)source();
|
||||
out = new JSONTokener(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
// "org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
JSONTokener out = null;
|
||||
Reader in = (Reader)source();
|
||||
out = new JSONTokener(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
// "org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint"
|
||||
JSONTokener out = null;
|
||||
InputStream in = (InputStream)source();
|
||||
out = new JSONTokener(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint"
|
||||
char out = 'a';
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.next();
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint"
|
||||
char out = 'a';
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.next('a');
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.next(0);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;nextClean;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint"
|
||||
char out = 'a';
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.nextClean();
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;nextString;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.nextString('a');
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;nextTo;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.nextTo((String)null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;nextTo;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.nextTo('a');
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;nextValue;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint"
|
||||
Object out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.nextValue();
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
JSONException out = null;
|
||||
Throwable in = (Throwable)source();
|
||||
JSONTokener instance = null;
|
||||
@@ -1815,7 +2067,7 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
JSONException out = null;
|
||||
String in = (String)source();
|
||||
JSONTokener instance = null;
|
||||
@@ -1823,7 +2075,7 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint"
|
||||
JSONException out = null;
|
||||
String in = (String)source();
|
||||
JSONTokener instance = null;
|
||||
@@ -1831,7 +2083,7 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;JSONTokener;false;toString;;;Argument[-1];ReturnValue;taint"
|
||||
// "org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint"
|
||||
String out = null;
|
||||
JSONTokener in = (JSONTokener)source();
|
||||
out = in.toString();
|
||||
@@ -1942,20 +2194,6 @@ public class Test {
|
||||
out = JSONWriter.valueToString(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;Property;false;toJSONObject;;;Argument[0];MapKey of ReturnValue;taint"
|
||||
Properties out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = Property.toProperties(in);
|
||||
sink(getMapKey(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint"
|
||||
Properties out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = Property.toProperties(in);
|
||||
sink(getMapValue(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;Property;false;toJSONObject;;;MapKey of Argument[0];ReturnValue;taint"
|
||||
JSONObject out = null;
|
||||
@@ -1970,6 +2208,20 @@ public class Test {
|
||||
out = Property.toJSONObject(in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint"
|
||||
Properties out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = Property.toProperties(in);
|
||||
sink(getMapKey(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint"
|
||||
Properties out = null;
|
||||
JSONObject in = (JSONObject)source();
|
||||
out = Property.toProperties(in);
|
||||
sink(getMapValue(out)); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;escape;;;Argument[0];ReturnValue;taint"
|
||||
String out = null;
|
||||
@@ -2034,21 +2286,35 @@ public class Test {
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;toString;;;Argument[0];ReturnValue;taint"
|
||||
// "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint"
|
||||
String out = null;
|
||||
String in = (String)source();
|
||||
out = XML.toString(null, in, null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint"
|
||||
String out = null;
|
||||
String in = (String)source();
|
||||
out = XML.toString(null, in);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint"
|
||||
String out = null;
|
||||
Object in = (Object)source();
|
||||
out = XML.toString(in, null, null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;toString;;;Argument[0];ReturnValue;taint"
|
||||
// "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint"
|
||||
String out = null;
|
||||
Object in = (Object)source();
|
||||
out = XML.toString(in, null);
|
||||
sink(out); // $ hasTaintFlow
|
||||
}
|
||||
{
|
||||
// "org.json;XML;false;toString;;;Argument[0];ReturnValue;taint"
|
||||
// "org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint"
|
||||
String out = null;
|
||||
Object in = (Object)source();
|
||||
out = XML.toString(in);
|
||||
|
||||
Reference in New Issue
Block a user