From bda938c5443c9519da47df7351c806a4b77bb0f3 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 8 Jun 2023 10:51:48 +0200 Subject: [PATCH 1/8] Update MaD Declarations after Triage --- java/ql/lib/change-notes/2023-06-08-new-models.md | 15 +++++++++++++++ java/ql/lib/ext/java.io.model.yml | 2 +- java/ql/lib/ext/java.lang.model.yml | 2 +- java/ql/lib/ext/java.net.model.yml | 2 ++ java/ql/lib/ext/java.nio.channels.model.yml | 8 ++++++++ java/ql/lib/ext/java.nio.file.model.yml | 4 +++- java/ql/lib/ext/java.util.jar.model.yml | 6 ++++++ java/ql/lib/ext/java.util.zip.model.yml | 7 +++++++ java/ql/lib/ext/okhttp3.model.yml | 3 +++ java/ql/lib/ext/org.gradle.api.file.model.yml | 7 +++++++ java/ql/lib/ext/retrofit2.model.yml | 5 +++++ 11 files changed, 58 insertions(+), 3 deletions(-) create mode 100644 java/ql/lib/change-notes/2023-06-08-new-models.md create mode 100644 java/ql/lib/ext/java.util.jar.model.yml create mode 100644 java/ql/lib/ext/org.gradle.api.file.model.yml diff --git a/java/ql/lib/change-notes/2023-06-08-new-models.md b/java/ql/lib/change-notes/2023-06-08-new-models.md new file mode 100644 index 00000000000..e7e450b8ddd --- /dev/null +++ b/java/ql/lib/change-notes/2023-06-08-new-models.md @@ -0,0 +1,15 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * java.io + * java.lang + * java.net + * java.nio.channels + * java.nio.file + * java.util.jar + * java.util.zip + * okhttp3 + * org.gradle.api.file + * retrofit2 diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index e0920d7df16..0980df173f3 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml 
@@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["java.io", "File", True, "createNewFile", "()", "", "Argument[undefined]", "path-injection", "ai-manual"] - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] @@ -118,7 +119,6 @@ extensions: - ["java.io", "DataInput", "readLong", "()", "summary", "manual"] # taint-numeric - ["java.io", "DataOutput", "writeInt", "(int)", "summary", "manual"] # taint-numeric - ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"] # taint-numeric - # sink neutrals - ["java.io", "File", "compareTo", "", "sink", "hq-manual"] - ["java.io", "File", "exists", "()", "sink", "hq-manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index ed14b2495a3..6f7fcb77e83 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml 
@@ -44,6 +44,7 @@ extensions: - ["java.lang", "AbstractStringBuilder", True, "AbstractStringBuilder", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["java.lang", "ProcessBuilder", False, "environment", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] # When `WithoutElement` is implemented for Java, `java.lang.AbstractStringBuilder#delete` might require a `taint` step of the form `Argument[this].WithoutElement -> Argument[this]` in addition to the below `value` step. - ["java.lang", "AbstractStringBuilder", True, "delete", "(int,int)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["java.lang", "AbstractStringBuilder", True, "getChars", "", "", "Argument[this]", "Argument[2]", "taint", "manual"] @@ -133,7 +134,6 @@ extensions: - ["java.lang", "Throwable", True, "getLocalizedMessage", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"] - ["java.lang", "Throwable", True, "toString", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "taint", "manual"] - ["java.lang", "UnsupportedOperationException", False, "UnsupportedOperationException", "(String)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.message]", "value", "manual"] - - addsTo: pack: codeql/java-all extensible: neutralModel diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index 39a4c484112..aeb36b3614e 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml 
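Review bot: The new `ProcessBuilder.environment` row in the first `java.lang.model.yml` hunk is inserted in the middle of the `AbstractStringBuilder` rows, between the `append` rows and the comment that documents the `delete` row. That breaks the per-class grouping the surrounding rows follow and separates the `WithoutElement` comment from the rows it belongs with, so the row should move down to the other `java.lang` classes starting with `P`. The list continues outside the hunk, so the exact position has to be chosen from the full file. It is also worth confirming that a qualifier-to-return `taint` step is intended, since it marks the whole environment map as tainted whenever the builder is.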
@@ -43,6 +43,8 @@ extensions: - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.net", "URL", False, "getFile", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["java.net", "URL", False, "getPath", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] # @atorralba: review for consistency diff --git a/java/ql/lib/ext/java.nio.channels.model.yml b/java/ql/lib/ext/java.nio.channels.model.yml index c4ba9a77a05..f82d224ca24 100644 --- a/java/ql/lib/ext/java.nio.channels.model.yml +++ b/java/ql/lib/ext/java.nio.channels.model.yml 
@@ -5,3 +5,11 @@ extensions: data: - ["java.nio.channels", "Channels", False, "newChannel", "(InputStream)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.channels", "ReadableByteChannel", True, "read", "(ByteBuffer)", "", "Argument[this]", "Argument[0]", "taint", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.nio.channels", "FileChannel", False, "open", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.channels", "FileChannel", False, "open", "(Path,Set,FileAttribute[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.channels", "FileChannel", True, "write", "(ByteBuffer,long)", "", "Argument[0]", "file-content-store", "ai-manual"] + - ["java.nio.channels", "FileChannel", True, "write", "(ByteBuffer)", "", "Argument[0]", "file-content-store", "ai-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index e4519fbc071..fbe7d8afbc4 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml 
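Review bot: The `file-content-store` sinks added for `FileChannel` cover only `write(ByteBuffer)` and `write(ByteBuffer,long)`, so data written through the gathering overloads would never reach a sink. Consider adding `- ["java.nio.channels", "FileChannel", True, "write", "(ByteBuffer[])", "", "Argument[0]", "file-content-store", "manual"]` and the matching `(ByteBuffer[],int,int)` row. If the omission is deliberate, a one-line comment above the `write` rows saying so would save the next triage pass from rediscovering it.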
@@ -40,6 +40,8 @@ extensions: - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "FileSystems", False, "newFileSystem", "(URI,Map)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - addsTo: @@ -66,6 +68,7 @@ extensions: - ["java.nio.file", "Path", True, "relativize", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Path", True, "resolveSibling", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] @@ -83,7 +86,6 @@ extensions: data: # summary neutrals - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"] - # sink neutrals - ["java.nio.file", "Files", "exists", "", "sink", "hq-manual"] - ["java.nio.file", "Files", "getLastModifiedTime", "", "sink", "hq-manual"] 
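Review bot: The `resolveSibling` summary added in the second `java.nio.file.model.yml` hunk is narrower than the `resolve` rows directly above it: it pins the `(String)` overload and models only `Argument[0]`, while `resolve` uses an empty signature and also propagates from `Argument[this]`. As written, a tainted `Path` passed to `resolveSibling(Path)`, or a tainted receiver, loses its taint at this call and a path-injection flow through it would be missed. Suggested rows: `- ["java.nio.file", "Path", True, "resolveSibling", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]` plus the same row with `Argument[this]` as input.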
diff --git a/java/ql/lib/ext/java.util.jar.model.yml b/java/ql/lib/ext/java.util.jar.model.yml new file mode 100644 index 00000000000..93c452c214f --- /dev/null +++ b/java/ql/lib/ext/java.util.jar.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.util.jar", "JarFile", True, "getInputStream", "(ZipEntry)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.util.zip.model.yml b/java/ql/lib/ext/java.util.zip.model.yml index 8e741f98c24..6a54b26221b 100644 --- a/java/ql/lib/ext/java.util.zip.model.yml +++ b/java/ql/lib/ext/java.util.zip.model.yml @@ -4,4 +4,11 @@ extensions: extensible: summaryModel data: - ["java.util.zip", "GZIPInputStream", False, "GZIPInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - ["java.util.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.util.zip", "ZipInputStream", False, "ZipInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.util.zip", "ZipFile", True, "getEntry", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.util.zip", "ZipOutputStream", True, "putNextEntry", "(ZipEntry)", "", "Argument[0]", "path-injection", "ai-manual"] # may also be file-content-store? diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index 2368292dab7..bd3a6e1cf6c 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml 
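Review bot: In the `java.util.zip.model.yml` hunk, the new `ZipEntry(String)` constructor summary writes its output to `ReturnValue`, whereas the `GZIPInputStream` and `ZipInputStream` constructor rows on either side of it use `Argument[this]`. For consistency with those rows the line should read `- ["java.util.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]`. Whether `ReturnValue` is honoured for a constructor cannot be confirmed from this page, so the current form should be treated as unverified until a dataflow test covers it.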
@@ -6,6 +6,7 @@ extensions: - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "request-forgery", "manual"] + - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[undefined]", "request-forgery", "ai-manual"] # this creates a GET request - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all @@ -58,3 +59,5 @@ extensions: - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] # this creates a GET request + - ["okhttp3", "Request$Builder", False, "url", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/org.gradle.api.file.model.yml b/java/ql/lib/ext/org.gradle.api.file.model.yml new file mode 100644 index 00000000000..e41bde8f4a9 --- /dev/null +++ b/java/ql/lib/ext/org.gradle.api.file.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["org.gradle.api.file", "Directory", True, "getAsFile", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] 
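Review bot: In the new `org.gradle.api.file.model.yml`, the `DirectoryProperty.file(String)` summary has no step from the path argument, so a tainted relative path passed as `Argument[0]` would not taint the returned value. Consider adding `- ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]`. The follow-up hunk for this file in PATCH 2/8 rewrites the input of the existing row to `Argument[this]` but still leaves the argument unmodelled.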
diff --git a/java/ql/lib/ext/retrofit2.model.yml b/java/ql/lib/ext/retrofit2.model.yml index 4ea997169a9..c8014396b04 100644 --- a/java/ql/lib/ext/retrofit2.model.yml +++ b/java/ql/lib/ext/retrofit2.model.yml @@ -4,3 +4,8 @@ extensions: extensible: sinkModel data: - ["retrofit2", "Retrofit$Builder", True, "baseUrl", "", "", "Argument[0]", "request-forgery", "manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["retrofit2", "Retrofit$Builder", False, "baseUrl", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] From 8f697ac1eeac0ea337c3b3e085e07dd3b336b025 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Thu, 8 Jun 2023 12:02:50 +0200 Subject: [PATCH 2/8] Java: fix broken MaD export format --- java/ql/lib/ext/java.io.model.yml | 2 +- java/ql/lib/ext/java.lang.model.yml | 2 +- java/ql/lib/ext/java.net.model.yml | 4 ++-- java/ql/lib/ext/okhttp3.model.yml | 2 +- java/ql/lib/ext/org.gradle.api.file.model.yml | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 5930f6eaca2..98c51a7bad5 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml 
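Review bot: The `Retrofit$Builder.baseUrl(String)` summary added in the `retrofit2.model.yml` hunk models a fluent builder call as a `taint` step, while the `HttpUrl$Builder` rows visible in `okhttp3.model.yml` use `value` for `Argument[this]` to `ReturnValue`. PATCH 3/8 only replaces `Argument[undefined]` with `Argument[this]` on this row and keeps `taint`, whereas PATCH 5/8 makes exactly this `taint`-to-`value` change for `Request$Builder`. Suggested final row: `- ["retrofit2", "Retrofit$Builder", False, "baseUrl", "(String)", "", "Argument[this]", "ReturnValue", "value", "ai-manual"]`.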
@@ -7,7 +7,7 @@ extensions: - ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation - ["java.io", "File", False, "File", "(String,String)", "", "Argument[0..1]", "path-injection", "manual"] # old PathCreation - ["java.io", "File", False, "File", "(URI)", "", "Argument[0]", "path-injection", "manual"] # old PathCreation - - ["java.io", "File", True, "createNewFile", "()", "", "Argument[undefined]", "path-injection", "ai-manual"] + - ["java.io", "File", True, "createNewFile", "()", "", "Argument[this]", "path-injection", "ai-manual"] - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index 9e6d76006ee..ba17ad31640 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml 
@@ -47,7 +47,7 @@ extensions: - ["java.lang", "AbstractStringBuilder", True, "AbstractStringBuilder", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["java.lang", "AbstractStringBuilder", True, "append", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - - ["java.lang", "ProcessBuilder", False, "environment", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["java.lang", "ProcessBuilder", False, "environment", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] # When `WithoutElement` is implemented for Java, `java.lang.AbstractStringBuilder#delete` might require a `taint` step of the form `Argument[this].WithoutElement -> Argument[this]` in addition to the below `value` step. - ["java.lang", "AbstractStringBuilder", True, "delete", "(int,int)", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["java.lang", "AbstractStringBuilder", True, "getChars", "", "", "Argument[this]", "Argument[2]", "taint", "manual"] diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index aeb36b3614e..f22e30a7d2f 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml 
@@ -43,8 +43,8 @@ extensions: - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "toURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - - ["java.net", "URL", False, "getFile", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] - - ["java.net", "URL", False, "getPath", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["java.net", "URL", False, "getFile", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] + - ["java.net", "URL", False, "getPath", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] # @atorralba: review for consistency diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index d2c43a010c0..67e489f6f36 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml 
@@ -6,7 +6,7 @@ extensions: - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "request-forgery", "manual"] - - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[undefined]", "request-forgery", "ai-manual"] # this creates a GET request + - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[this]", "request-forgery", "ai-manual"] # this creates a GET request - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/org.gradle.api.file.model.yml b/java/ql/lib/ext/org.gradle.api.file.model.yml index e41bde8f4a9..4f492cdbcbc 100644 --- a/java/ql/lib/ext/org.gradle.api.file.model.yml +++ b/java/ql/lib/ext/org.gradle.api.file.model.yml @@ -3,5 +3,5 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["org.gradle.api.file", "Directory", True, "getAsFile", "()", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] - - ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["org.gradle.api.file", "Directory", True, "getAsFile", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] + - ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] From 0e242cba7eec237ad39b253a6d53b51ca65b9754 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 8 Jun 2023 14:59:10 +0200 Subject: [PATCH 3/8] Update java/ql/lib/ext/retrofit2.model.yml --- java/ql/lib/ext/retrofit2.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/java/ql/lib/ext/retrofit2.model.yml b/java/ql/lib/ext/retrofit2.model.yml index c8014396b04..7096588aed6 100644 --- a/java/ql/lib/ext/retrofit2.model.yml +++ b/java/ql/lib/ext/retrofit2.model.yml @@ -8,4 +8,4 @@ extensions: pack: codeql/java-all extensible: summaryModel data: - - ["retrofit2", "Retrofit$Builder", False, "baseUrl", "(String)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] + - ["retrofit2", "Retrofit$Builder", False, "baseUrl", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] From 44785b72ce8502062009d52da8f711dc2d4e90b5 Mon Sep 17 00:00:00 2001 From: Stephan Brandauer Date: Fri, 9 Jun 2023 13:46:09 +0200 Subject: [PATCH 4/8] Java: Update java/ql/lib/ext/okhttp3.model.yml Co-authored-by: Tony Torralba --- java/ql/lib/ext/okhttp3.model.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index 67e489f6f36..17e57c9ccd3 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -6,7 +6,6 @@ extensions: - ["okhttp3", "OkHttpClient", True, "newCall", "(Request)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "OkHttpClient", True, "newWebSocket", "(Request,WebSocketListener)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["okhttp3", "Request", True, "Request", "", "", "Argument[0]", "request-forgery", "manual"] - - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[this]", "request-forgery", "ai-manual"] # this creates a GET request - ["okhttp3", "Request$Builder", True, "url", "", "", "Argument[0]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all From 1ae2fee309cc59739aeb36bd0d93b80cbfa1f23b Mon Sep 17 00:00:00 2001 
From: Stephan Brandauer Date: Fri, 9 Jun 2023 13:48:16 +0200 Subject: [PATCH 5/8] Java: Update java/ql/lib/ext/okhttp3.model.yml Co-authored-by: Tony Torralba --- java/ql/lib/ext/okhttp3.model.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/lib/ext/okhttp3.model.yml b/java/ql/lib/ext/okhttp3.model.yml index 17e57c9ccd3..7b24c67975b 100644 --- a/java/ql/lib/ext/okhttp3.model.yml +++ b/java/ql/lib/ext/okhttp3.model.yml @@ -58,6 +58,6 @@ extensions: - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "setQueryParameter", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["okhttp3", "HttpUrl$Builder", False, "username", "", "", "Argument[this]", "ReturnValue", "value", "manual"] - - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] # this creates a GET request - - ["okhttp3", "Request$Builder", False, "url", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] + - ["okhttp3", "Request$Builder", False, "get", "()", "", "Argument[this]", "ReturnValue", "value", "ai-manual"] + - ["okhttp3", "Request$Builder", False, "url", "(String)", "", "Argument[this]", "ReturnValue", "value", "ai-manual"] - ["okhttp3", "Request$Builder", True, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] From af240ff533791b0d0255685a3f9f5493480aba00 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 15 Jun 2023 11:58:53 +0200 Subject: [PATCH 6/8] Apply suggestions from code review --- java/ql/lib/ext/java.util.zip.model.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/java/ql/lib/ext/java.util.zip.model.yml b/java/ql/lib/ext/java.util.zip.model.yml index 6a54b26221b..577e6b35723 100644 --- a/java/ql/lib/ext/java.util.zip.model.yml +++ b/java/ql/lib/ext/java.util.zip.model.yml 
@@ -10,5 +10,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.util.zip", "ZipFile", True, "getEntry", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.util.zip", "ZipOutputStream", True, "putNextEntry", "(ZipEntry)", "", "Argument[0]", "path-injection", "ai-manual"] # may also be file-content-store? + - ["java.util.zip", "ZipOutputStream", True, "putNextEntry", "(ZipEntry)", "", "Argument[0]", "file-content-store", "ai-manual"] From dcd180f3f606f5a5361a38c8f480c4a92ad88910 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 15 Jun 2023 12:00:22 +0200 Subject: [PATCH 7/8] Remove model --- java/ql/lib/ext/java.util.jar.model.yml | 6 ------ 1 file changed, 6 deletions(-) delete mode 100644 java/ql/lib/ext/java.util.jar.model.yml diff --git a/java/ql/lib/ext/java.util.jar.model.yml b/java/ql/lib/ext/java.util.jar.model.yml deleted file mode 100644 index 93c452c214f..00000000000 --- a/java/ql/lib/ext/java.util.jar.model.yml +++ /dev/null @@ -1,6 +0,0 @@ -extensions: - - addsTo: - pack: codeql/java-all - extensible: sinkModel - data: - - ["java.util.jar", "JarFile", True, "getInputStream", "(ZipEntry)", "", "Argument[0]", "path-injection", "ai-manual"] From 7cbc13db400e437710b4707875ea4ae38c448488 Mon Sep 17 00:00:00 2001 From: Tony Torralba Date: Thu, 15 Jun 2023 15:14:12 +0200 Subject: [PATCH 8/8] Update java/ql/lib/change-notes/2023-06-08-new-models.md --- java/ql/lib/change-notes/2023-06-08-new-models.md | 1 - 1 file changed, 1 deletion(-) diff --git a/java/ql/lib/change-notes/2023-06-08-new-models.md b/java/ql/lib/change-notes/2023-06-08-new-models.md index e7e450b8ddd..b6e8a15be42 100644 --- a/java/ql/lib/change-notes/2023-06-08-new-models.md +++ b/java/ql/lib/change-notes/2023-06-08-new-models.md @@ -8,7 +8,6 @@ category: minorAnalysis * java.net * java.nio.channels * java.nio.file - * java.util.jar * java.util.zip * okhttp3 * org.gradle.api.file