hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Drop models for stringifying functions

Browse Source 
Per default stringification isn't taint-propagating in Java
This commit is contained in:
Chris Smowton
2021-06-29 12:01:08 +01:00
parent 0441098b18
commit 3d270bbc50
2 changed files with 0 additions and 87 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll
View File

@@ -75,9 +75,6 @@ private class FlowSummaries extends SummaryModelCsv {
"org.springframework.util;MultiValueMapAdapter;false;MultiValueMapAdapter;;;Element of MapValue of Argument[0];Element of MapValue of Argument[-1];value",
"org.springframework.util;ObjectUtils;false;addObjectToArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
"org.springframework.util;ObjectUtils;false;addObjectToArray;;;Argument[1];ArrayElement of ReturnValue;value",
"org.springframework.util;ObjectUtils;false;getDisplayString;;;Argument[0];ReturnValue;taint",
"org.springframework.util;ObjectUtils;false;identityToString;;;Argument[0];ReturnValue;taint",
"org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint",
"org.springframework.util;ObjectUtils;false;toObjectArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
"org.springframework.util;ObjectUtils;false;unwrapOptional;;;Element of Argument[0];ReturnValue;value",
"org.springframework.util;PropertiesPersister;true;load;;;Argument[1];Argument[0];taint",

84
java/ql/test/library-tests/frameworks/spring/util/Test.java
View File

@@ -720,90 +720,6 @@ public class Test {
out = new MultiValueMapAdapter(in);
sink(getMapKey(out)); // $hasValueFlow
}
{
// "org.springframework.util;ObjectUtils;false;getDisplayString;;;Argument[0];ReturnValue;taint"
String out = null;
Object in = (Object)source();
out = ObjectUtils.getDisplayString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;identityToString;;;Argument[0];ReturnValue;taint"
String out = null;
Object in = (Object)source();
out = ObjectUtils.identityToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
short[] in = (short[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
long[] in = (long[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
int[] in = (int[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
float[] in = (float[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
double[] in = (double[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
char[] in = (char[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
byte[] in = (byte[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
boolean[] in = (boolean[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
Object[] in = (Object[])source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;nullSafeToString;;;Argument[0];ReturnValue;taint"
String out = null;
Object in = (Object)source();
out = ObjectUtils.nullSafeToString(in);
sink(out); // $hasTaintFlow
}
{
// "org.springframework.util;ObjectUtils;false;toObjectArray;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value"
Object[] out = null;