hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-22 11:46:32 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add more models

Browse Source
This commit is contained in:
Tony Torralba
2022-07-26 11:06:11 +02:00
parent c56e0f7c0d
commit 33f5620782
2 changed files with 201 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll
View File

@@ -245,8 +245,20 @@ private class ContainerFlowSummaries extends SummaryModelCsv {
"java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual", "java.util;Properties;true;getProperty;(String,String);;Argument[-1].MapValue;ReturnValue;value;manual",
"java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual", "java.util;Properties;true;getProperty;(String,String);;Argument[1];ReturnValue;value;manual",
"java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual", "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual",
"java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint;manual", "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint;manual", "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual",
"java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual", "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual", "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual",
"java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual", "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual",

227
java/ql/test/library-tests/scanner/Test.java
View File

@@ -2,6 +2,8 @@ package generatedtest;
import java.io.File; import java.io.File;
import java.io.InputStream; import java.io.InputStream;
import java.math.BigDecimal;
import java.math.BigInteger;
import java.nio.channels.ReadableByteChannel; import java.nio.channels.ReadableByteChannel;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.file.Path; import java.nio.file.Path;
@@ -11,169 +13,312 @@ import java.util.regex.Pattern;
// Test case generated by GenerateFlowTestCase.ql // Test case generated by GenerateFlowTestCase.ql
public class Test { public class Test {
Object source() { return null; } Object source() {
void sink(Object o) { } return null;
}
void sink(Object o) {}
public void test() throws Exception { public void test() throws Exception {
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
File in = (File)source(); File in = (File) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
File in = (File)source(); File in = (File) source();
out = new Scanner(in, (Charset)null); out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
File in = (File)source(); File in = (File) source();
out = new Scanner(in, (String)null); out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
InputStream in = (InputStream)source(); InputStream in = (InputStream) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
InputStream in = (InputStream)source(); InputStream in = (InputStream) source();
out = new Scanner(in, (Charset)null); out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
InputStream in = (InputStream)source(); InputStream in = (InputStream) source();
out = new Scanner(in, (String)null); out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
Path in = (Path)source(); Path in = (Path) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
Path in = (Path)source(); Path in = (Path) source();
out = new Scanner(in, (Charset)null); out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
Path in = (Path)source(); Path in = (Path) source();
out = new Scanner(in, (String)null); out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
Readable in = (Readable)source(); Readable in = (Readable) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel)source(); ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel)source(); ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in, (Charset)null); out = new Scanner(in, (Charset) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
ReadableByteChannel in = (ReadableByteChannel)source(); ReadableByteChannel in = (ReadableByteChannel) source();
out = new Scanner(in, (String)null); out = new Scanner(in, (String) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual" // "java.util;Scanner;true;Scanner;;;Argument[0];Argument[-1];taint;manual"
Scanner out = null; Scanner out = null;
String in = (String)source(); String in = (String) source();
out = new Scanner(in); out = new Scanner(in);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint;manual" // "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null; String out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.next((Pattern)null); out = in.findInLine((Pattern) null);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint;manual" // "java.util;Scanner;true;findInLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null; String out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.next((String)null); out = in.findInLine((String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findWithinHorizon((Pattern) null, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;findWithinHorizon;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.findWithinHorizon((String) null, 0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next((Pattern) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next((String) null);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;next;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.next();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigDecimal;;;Argument[-1];ReturnValue;taint;manual"
BigDecimal out = null;
Scanner in = (Scanner) source();
out = in.nextBigDecimal();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
BigInteger out = null;
Scanner in = (Scanner) source();
out = in.nextBigInteger();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBigInteger;;;Argument[-1];ReturnValue;taint;manual"
BigInteger out = null;
Scanner in = (Scanner) source();
out = in.nextBigInteger(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextBoolean;;;Argument[-1];ReturnValue;taint;manual"
boolean out = false;
Scanner in = (Scanner) source();
out = in.nextBoolean();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
byte out = 0;
Scanner in = (Scanner) source();
out = in.nextByte();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextByte;;;Argument[-1];ReturnValue;taint;manual"
byte out = 0;
Scanner in = (Scanner) source();
out = in.nextByte(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextDouble;;;Argument[-1];ReturnValue;taint;manual"
double out = 0;
Scanner in = (Scanner) source();
out = in.nextDouble();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextFloat;;;Argument[-1];ReturnValue;taint;manual"
float out = 0;
Scanner in = (Scanner) source();
out = in.nextFloat();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
int out = 0;
Scanner in = (Scanner) source();
out = in.nextInt();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextInt;;;Argument[-1];ReturnValue;taint;manual"
int out = 0;
Scanner in = (Scanner) source();
out = in.nextInt(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLine;;;Argument[-1];ReturnValue;taint;manual"
String out = null;
Scanner in = (Scanner) source();
out = in.nextLine();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
long out = 0;
Scanner in = (Scanner) source();
out = in.nextLong();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextLong;;;Argument[-1];ReturnValue;taint;manual"
long out = 0;
Scanner in = (Scanner) source();
out = in.nextLong(0);
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
short out = 0;
Scanner in = (Scanner) source();
out = in.nextShort();
sink(out); // $ hasTaintFlow
}
{
// "java.util;Scanner;true;nextShort;;;Argument[-1];ReturnValue;taint;manual"
short out = 0;
Scanner in = (Scanner) source();
out = in.nextShort(0);
sink(out); // $ hasTaintFlow sink(out); // $ hasTaintFlow
} }
{ {
// "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;reset;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.reset(); out = in.reset();
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.skip((Pattern)null); out = in.skip((Pattern) null);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;skip;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.skip((String)null); out = in.skip((String) null);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.useDelimiter((Pattern)null); out = in.useDelimiter((Pattern) null);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;useDelimiter;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.useDelimiter((String)null); out = in.useDelimiter((String) null);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;useLocale;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.useLocale(null); out = in.useLocale(null);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }
{ {
// "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual" // "java.util;Scanner;true;useRadix;;;Argument[-1];ReturnValue;value;manual"
Scanner out = null; Scanner out = null;
Scanner in = (Scanner)source(); Scanner in = (Scanner) source();
out = in.useRadix(0); out = in.useRadix(0);
sink(out); // $ hasValueFlow sink(out); // $ hasValueFlow
} }