hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 02:05:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add more taint models

Browse Source
This commit is contained in:
Tony Torralba
2022-05-04 12:32:59 +02:00
parent fbceb8de57
commit 2d3b15f936
2 changed files with 143 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
View File

@@ -23,31 +23,48 @@ private class OKHttpSummaries extends SummaryModelCsv {
"okhttp3;HttpUrl;false;uri;;;Argument[-1];ReturnValue;taint",
"okhttp3;HttpUrl;false;url;;;Argument[-1];ReturnValue;taint",
"okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint",
"okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;fragment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;port;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;removeAllQueryParameters;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;removePathSegment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;scheme;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;scheme;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value",
"okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint",
"okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value",
]
}

126
java/ql/test/library-tests/frameworks/okhttp/Test.java
View File

@@ -28,6 +28,13 @@ public class Test {
out = in.addEncodedPathSegment(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addEncodedPathSegment(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -35,6 +42,13 @@ public class Test {
out = in.addEncodedPathSegments(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addEncodedPathSegments(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -42,6 +56,13 @@ public class Test {
out = in.addEncodedQueryParameter(null, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addEncodedQueryParameter(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -49,6 +70,13 @@ public class Test {
out = in.addPathSegment(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addPathSegment(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -56,6 +84,13 @@ public class Test {
out = in.addPathSegments(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addPathSegments(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -63,6 +98,20 @@ public class Test {
out = in.addQueryParameter(null, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addQueryParameter(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.addQueryParameter(null, in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint"
HttpUrl out = null;
@@ -77,6 +126,13 @@ public class Test {
out = in.encodedFragment(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.encodedFragment(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -91,6 +147,13 @@ public class Test {
out = in.encodedPath(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.encodedPath(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -98,6 +161,13 @@ public class Test {
out = in.encodedQuery(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.encodedQuery(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -112,6 +182,13 @@ public class Test {
out = in.fragment(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.fragment(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -119,6 +196,13 @@ public class Test {
out = in.host(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.host(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -133,6 +217,13 @@ public class Test {
out = in.port(0);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
int in = (int) source();
out.port(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -140,6 +231,13 @@ public class Test {
out = in.query(null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.query(in);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -182,6 +280,13 @@ public class Test {
out = in.setEncodedPathSegment(0, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
int in = (int) source();
out.setEncodedPathSegment(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -189,6 +294,13 @@ public class Test {
out = in.setEncodedQueryParameter(null, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.setEncodedQueryParameter(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -196,6 +308,13 @@ public class Test {
out = in.setPathSegment(0, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
int in = (int) source();
out.setPathSegment(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;
@@ -203,6 +322,13 @@ public class Test {
out = in.setQueryParameter(null, null);
sink(out); // $ hasValueFlow
}
{
// "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint"
HttpUrl.Builder out = null;
String in = (String) source();
out.setQueryParameter(in, null);
sink(out); // $ hasTaintFlow
}
{
// "okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value"
HttpUrl.Builder out = null;