hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add missing models and other minor improvements per Marcono1234's review

Browse Source
This commit is contained in:
Chris Smowton
2021-07-27 16:03:39 +01:00
parent 40173f7abb
commit 23de0859ea
2 changed files with 329 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

40
java/ql/src/semmle/code/java/frameworks/JsonJava.qll
View File

@@ -12,6 +12,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;XMLXsiTypeConverter;true;convert;;;Argument[0];ReturnValue;taint",
"org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint",
"org.json;CDL;false;rowToJSONObject;;;Argument[0..1];ReturnValue;taint",
"org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint",
"org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint",
"org.json;CDL;false;toString;;;Argument[0..1];ReturnValue;taint",
"org.json;Cookie;false;escape;;;Argument[0];ReturnValue;taint",
@@ -60,7 +61,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONArray;false;optNumber;;;Argument[-1];ReturnValue;taint",
"org.json;JSONArray;false;optQuery;;;Argument[-1];ReturnValue;taint",
"org.json;JSONArray;false;optString;;;Argument[-1];ReturnValue;taint",
// Default values that may be returned by the `opt*` functions above:
// Default values that may be returned by the `opt*` methods above:
"org.json;JSONArray;false;optBigDecimal;;;Argument[1];ReturnValue;value",
"org.json;JSONArray;false;optBigInteger;;;Argument[1];ReturnValue;value",
"org.json;JSONArray;false;optBoolean;;;Argument[1];ReturnValue;value",
@@ -71,6 +72,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONArray;false;optLong;;;Argument[1];ReturnValue;value",
"org.json;JSONArray;false;optNumber;;;Argument[1];ReturnValue;value",
"org.json;JSONArray;false;optString;;;Argument[1];ReturnValue;value",
"org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value",
"org.json;JSONArray;false;put;(boolean);;Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;put;(Collection);;Element of Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;put;(double);;Argument[0];Argument[-1];taint",
@@ -89,11 +91,13 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONArray;false;put;(int,Map);;MapKey of Argument[1];Argument[-1];taint",
"org.json;JSONArray;false;put;(int,Map);;MapValue of Argument[1];Argument[-1];taint",
"org.json;JSONArray;false;put;(int,Object);;Argument[1];Argument[-1];taint",
"org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value",
"org.json;JSONArray;false;putAll;(Collection);;Element of Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;putAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;putAll;(JSONArray);;Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;putAll;(Object);;Argument[0];Argument[-1];taint",
"org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint",
"org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint",
"org.json;JSONArray;false;toJSONObject;;;Argument[0];ReturnValue;taint",
"org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint",
"org.json;JSONArray;false;toList;;;Argument[0];Element of ReturnValue;taint",
@@ -114,9 +118,11 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONObject;false;JSONObject;(String);;Argument[0];Argument[-1];taint",
"org.json;JSONObject;false;JSONObject;(String,Locale);;Argument[0];Argument[-1];taint",
"org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint",
"org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint",
"org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;doubleToString;;;Argument[0];ReturnValue;taint",
"org.json;JSONObject;false;entrySet;;;Argument[-1];Element of ReturnValue;taint",
"org.json;JSONObject;true;entrySet;;;Argument[-1];Element of ReturnValue;taint",
"org.json;JSONObject;false;get;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;getBigDecimal;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;getBigInteger;;;Argument[-1];ReturnValue;taint",
@@ -132,6 +138,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONObject;false;getNumber;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;getString;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint",
"org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;keys;;;Argument[-1];Element of ReturnValue;taint",
"org.json;JSONObject;false;keySet;;;Argument[-1];Element of ReturnValue;taint",
"org.json;JSONObject;false;names;;;Argument[-1];ReturnValue;taint", // Returns a JSONArray, hence this has no Element qualifier or similar
@@ -150,7 +157,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONObject;false;optNumber;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;optQuery;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;optString;;;Argument[-1];ReturnValue;taint",
// Default values that may be returned by the `opt*` functions above:
// Default values that may be returned by the `opt*` methods above:
"org.json;JSONObject;false;optBigDecimal;;;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;optBigInteger;;;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;optBoolean;;;Argument[1];ReturnValue;value",
@@ -161,6 +168,7 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONObject;false;optLong;;;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;optNumber;;;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;optString;;;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;put;(String,boolean);;Argument[0];Argument[-1];taint",
"org.json;JSONObject;false;put;(String,Collection);;Argument[0];Argument[-1];taint",
"org.json;JSONObject;false;put;(String,double);;Argument[0];Argument[-1];taint",
@@ -178,12 +186,15 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONObject;false;put;(String,Map);;MapKey of Argument[1];Argument[-1];taint",
"org.json;JSONObject;false;put;(String,Map);;MapValue of Argument[1];Argument[-1];taint",
"org.json;JSONObject;false;put;(String,Object);;Argument[1];Argument[-1];taint",
"org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint",
"org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value",
"org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint",
"org.json;JSONObject;false;query;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;quote;(String);;Argument[0];ReturnValue;taint",
"org.json;JSONObject;false;quote;(String,Writer);;Argument[0];Argument[1];taint",
"org.json;JSONObject;false;quote;(String,Writer);;Argument[1];ReturnValue;value",
"org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint",
"org.json;JSONObject;false;toJSONArray;;;Argument[-1];ReturnValue;taint",
"org.json;JSONObject;false;toMap;;;Argument[-1];MapKey of ReturnValue;taint",
@@ -202,14 +213,15 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONPointer$Builder;false;append;;;Argument[-1];ReturnValue;value",
"org.json;JSONPointer$Builder;false;build;;;Argument[-1];ReturnValue;taint",
"org.json;JSONStringer;false;toString;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint",
"org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;nextClean;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;nextString;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;nextTo;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;nextValue;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint",
"org.json;JSONTokener;false;toString;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint",
"org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint",
"org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint",
"org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint",
// The following model doesn't work yet due to lack of support for reverse taint flow:
"org.json;JSONWriter;true;JSONWriter;;;Argument[-1];Argument[0];taint",
"org.json;JSONWriter;true;key;;;Argument[0];Argument[-1];taint",
"org.json;JSONWriter;true;value;;;Argument[0];Argument[-1];taint",
@@ -220,14 +232,14 @@ private class FlowModels extends SummaryModelCsv {
"org.json;JSONWriter;true;key;;;Argument[-1];ReturnValue;value",
"org.json;JSONWriter;true;object;;;Argument[-1];ReturnValue;value",
"org.json;JSONWriter;true;value;;;Argument[-1];ReturnValue;value",
"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
"org.json;Property;false;toJSONObject;;;MapKey of Argument[0];ReturnValue;taint",
"org.json;Property;false;toJSONObject;;;MapValue of Argument[0];ReturnValue;taint",
"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
"org.json;XML;false;escape;;;Argument[0];ReturnValue;taint",
"org.json;XML;false;stringToValue;;;Argument[0];ReturnValue;taint",
"org.json;XML;false;toJSONObject;;;Argument[0];ReturnValue;taint",
"org.json;XML;false;toString;;;Argument[0];ReturnValue;taint",
"org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint",
"org.json;XML;false;unescape;;;Argument[0];ReturnValue;taint",
"org.json;XMLTokener;false;XMLTokener;;;Argument[0];Argument[-1];taint",
"org.json;XMLTokener;false;nextCDATA;;;Argument[-1];ReturnValue;taint",