diff --git a/java/ql/lib/ext/com.sun.crypto.provider.model.yml b/java/ql/lib/ext/com.sun.crypto.provider.model.yml new file mode 100644 index 00000000000..ed60f484fa8 --- /dev/null +++ b/java/ql/lib/ext/com.sun.crypto.provider.model.yml @@ -0,0 +1,13 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.crypto.provider", "JceKeyStore", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.crypto.provider", "JceKeyStore", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.crypto.provider", "JceKeyStore", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["com.sun.crypto.provider", "JceKeyStore", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.crypto.provider", "JceKeyStore", False, "getPreKeyedHash", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["com.sun.crypto.provider", "KeyProtector", False, "KeyProtector", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["com.sun.crypto.provider", "PBKDF2KeyImpl", False, "deriveKey", "(Mac, byte[], byte[], int, int)", "credential-password", "Argument[1]", "manual"] + - ["com.sun.crypto.provider", "PBKDF2KeyImpl", False, "getPasswordBytes", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/com.sun.istack.internal.tools.model.yml b/java/ql/lib/ext/com.sun.istack.internal.tools.model.yml new file mode 100644 index 00000000000..1b136708716 --- /dev/null +++ b/java/ql/lib/ext/com.sun.istack.internal.tools.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.istack.internal.tools", "DefaultAuthenticator$AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"] diff --git a/java/ql/lib/ext/com.sun.net.httpserver.model.yml b/java/ql/lib/ext/com.sun.net.httpserver.model.yml new file mode 100644 index 00000000000..7d390ddf5d3 --- /dev/null +++ b/java/ql/lib/ext/com.sun.net.httpserver.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.net.httpserver", "BasicAuthenticator", False, "checkCredentials", "(String, String)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/com.sun.net.ssl.model.yml b/java/ql/lib/ext/com.sun.net.ssl.model.yml new file mode 100644 index 00000000000..6bd04b7b133 --- /dev/null +++ b/java/ql/lib/ext/com.sun.net.ssl.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.net.ssl", "KeyManagerFactory", False, "init", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.net.ssl", "KeyManagerFactorySpi", False, "engineInit", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.net.ssl", "KeyManagerFactorySpiWrapper", False, "engineInit", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.model.yml b/java/ql/lib/ext/com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.model.yml new file mode 100644 index 00000000000..f2a6370c1ad --- /dev/null +++ b/java/ql/lib/ext/com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations", "PrivateKeyResolver", False, "PrivateKeyResolver", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["com.sun.org.apache.xml.internal.security.keys.keyresolver.implementations", "SecretKeyResolver", False, "SecretKeyResolver", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/com.sun.rowset.model.yml b/java/ql/lib/ext/com.sun.rowset.model.yml new file mode 100644 index 00000000000..5b9ebbcafed --- /dev/null +++ b/java/ql/lib/ext/com.sun.rowset.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.rowset", "JdbcRowSetImpl", False, "JdbcRowSetImpl", "(String, String, String)", "credential-password", "Argument[2]", "manual"] + - ["com.sun.rowset", "JdbcRowSetImpl", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/com.sun.security.auth.module.model.yml b/java/ql/lib/ext/com.sun.security.auth.module.model.yml new file mode 100644 index 00000000000..4b55821404a --- /dev/null +++ b/java/ql/lib/ext/com.sun.security.auth.module.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.security.auth.module", "JndiLoginModule", False, "verifyPassword", "(String, String)", "credential-password", "Argument[0]", "manual"] + - ["com.sun.security.auth.module", "JndiLoginModule", False, "verifyPassword", "(String, String)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/com.sun.security.ntlm.model.yml b/java/ql/lib/ext/com.sun.security.ntlm.model.yml new file mode 100644 index 00000000000..9a682f62ed8 --- /dev/null +++ b/java/ql/lib/ext/com.sun.security.ntlm.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.security.ntlm", "Client", False, "Client", "(String, String, String, String, char[])", "credential-password", "Argument[4]", "manual"] + - ["com.sun.security.ntlm", "NTLM", False, "getP1", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["com.sun.security.ntlm", "NTLM", False, "getP2", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/com.sun.security.sasl.digest.model.yml b/java/ql/lib/ext/com.sun.security.sasl.digest.model.yml new file mode 100644 index 00000000000..d14032faada --- /dev/null +++ b/java/ql/lib/ext/com.sun.security.sasl.digest.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.security.sasl.digest", "DigestMD5Base", False, "generateResponseValue", "(String, String, String, String, String, char[], byte[], byte[], int, byte[])", "credential-password", "Argument[5]", "manual"] + - ["com.sun.security.sasl.digest", "DigestMD5Server", False, "generateResponseAuth", "(String, char[], byte[], int, byte[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/com.sun.tools.internal.ws.wscompile.model.yml b/java/ql/lib/ext/com.sun.tools.internal.ws.wscompile.model.yml new file mode 100644 index 00000000000..51e8607d748 --- /dev/null +++ b/java/ql/lib/ext/com.sun.tools.internal.ws.wscompile.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["com.sun.tools.internal.ws.wscompile", "AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"] diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index a3bc92dc7b3..096ef9c836d 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -10,6 +10,7 @@ extensions: extensible: sinkModel data: - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] + - ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String, char[])", "credential-password", "Argument[1]", "manual"] - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["java.net", "URL", False, "openConnection", "", "", "Argument[this]", "request-forgery", "manual"] - ["java.net", "URL", False, "openConnection", "(Proxy)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/java.security.model.yml b/java/ql/lib/ext/java.security.model.yml new file mode 100644 index 00000000000..992b084b51d --- /dev/null +++ b/java/ql/lib/ext/java.security.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.security", "KeyStore", False, "getKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["java.security", "KeyStore", False, "load", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["java.security", "KeyStore", False, "setKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["java.security", "KeyStore", False, "store", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["java.security", "KeyStore$PasswordProtection", False, "PasswordProtection", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["java.security", "KeyStore$PasswordProtection", False, "PasswordProtection", "(char[], String, AlgorithmParameterSpec)", "credential-password", "Argument[0]", "manual"] + - ["java.security", "KeyStoreSpi", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["java.security", "KeyStoreSpi", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["java.security", "KeyStoreSpi", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["java.security", "KeyStoreSpi", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml index 53142565d6c..83af4e32cc3 100644 --- a/java/ql/lib/ext/java.sql.model.yml +++ b/java/ql/lib/ext/java.sql.model.yml @@ -11,6 +11,7 @@ extensions: - ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "request-forgery", "manual"] - ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "request-forgery", "manual"] - ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "request-forgery", "manual"] + - ["java.sql", "DriverManager", False, "getConnection", "(String, String, String)", "credential-password", "Argument[2]", "manual"] - ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql-injection", "manual"] - ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql-injection", "manual"] - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql-injection", "manual"] diff --git a/java/ql/lib/ext/javax.crypto.spec.model.yml b/java/ql/lib/ext/javax.crypto.spec.model.yml index 92025290309..65610e25ee4 100644 --- a/java/ql/lib/ext/javax.crypto.spec.model.yml +++ b/java/ql/lib/ext/javax.crypto.spec.model.yml @@ -6,4 +6,11 @@ extensions: - ["javax.crypto.spec", "IvParameterSpec", True, "IvParameterSpec", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["javax.crypto.spec", "GCMParameterSpec", True, "GCMParameterSpec", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] - ["javax.crypto.spec", "RC2ParameterSpec", True, "RC2ParameterSpec", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] - - ["javax.crypto.spec", "RC5ParameterSpec", True, "RC5ParameterSpec", "", "", "Argument[3]", "Argument[this]", "taint", "manual"] \ No newline at end of file + - ["javax.crypto.spec", "RC5ParameterSpec", True, "RC5ParameterSpec", "", "", "Argument[3]", "Argument[this]", "taint", "manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[], byte[], int)", "credential-password", "Argument[0]", "manual"] + - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[], byte[], int, int)", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/javax.net.ssl.model.yml b/java/ql/lib/ext/javax.net.ssl.model.yml index 59085b8d120..17985a131d4 100644 --- a/java/ql/lib/ext/javax.net.ssl.model.yml +++ b/java/ql/lib/ext/javax.net.ssl.model.yml @@ -5,3 +5,5 @@ extensions: data: - ["javax.net.ssl", "HttpsURLConnection", True, "setDefaultHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"] - ["javax.net.ssl", "HttpsURLConnection", True, "setHostnameVerifier", "", "", "Argument[0]", "hostname-verification", "manual"] + - ["javax.net.ssl", "KeyManagerFactory", False, "init", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["javax.net.ssl", "KeyManagerFactorySpi", False, "engineInit", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/javax.security.auth.callback.model.yml b/java/ql/lib/ext/javax.security.auth.callback.model.yml new file mode 100644 index 00000000000..4ae9782e768 --- /dev/null +++ b/java/ql/lib/ext/javax.security.auth.callback.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.security.auth.callback", "PasswordCallback", False, "setPassword", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/javax.security.auth.kerberos.model.yml b/java/ql/lib/ext/javax.security.auth.kerberos.model.yml new file mode 100644 index 00000000000..f95cc9371e2 --- /dev/null +++ b/java/ql/lib/ext/javax.security.auth.kerberos.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.security.auth.kerberos", "KerberosKey", False, "KerberosKey", "(KerberosPrincipal, char[], String)", "credential-password", "Argument[1]", "manual"] + - ["javax.security.auth.kerberos", "KeyImpl", False, "KeyImpl", "(KerberosPrincipal, char[], String)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/javax.sql.model.yml b/java/ql/lib/ext/javax.sql.model.yml new file mode 100644 index 00000000000..9fcfbabb5a3 --- /dev/null +++ b/java/ql/lib/ext/javax.sql.model.yml @@ -0,0 +1,9 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.sql", "ConnectionPoolDataSource", False, "getPooledConnection", "(String, String)", "credential-password", "Argument[1]", "manual"] + - ["javax.sql", "DataSource", False, "getConnection", "(String, String)", "credential-password", "Argument[1]", "manual"] + - ["javax.sql", "RowSet", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"] + - ["javax.sql", "XADataSource", False, "getXAConnection", "(String, String)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.net.ftp.impl.model.yml b/java/ql/lib/ext/sun.net.ftp.impl.model.yml new file mode 100644 index 00000000000..2686f1e89a2 --- /dev/null +++ b/java/ql/lib/ext/sun.net.ftp.impl.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"] + - ["sun.net.ftp.impl", "FtpClient", False, "tryLogin", "(String, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.net.ftp.model.yml b/java/ql/lib/ext/sun.net.ftp.model.yml new file mode 100644 index 00000000000..0ee110c649d --- /dev/null +++ b/java/ql/lib/ext/sun.net.ftp.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.net.www.protocol.http.model.yml b/java/ql/lib/ext/sun.net.www.protocol.http.model.yml new file mode 100644 index 00000000000..d25ad7dc910 --- /dev/null +++ b/java/ql/lib/ext/sun.net.www.protocol.http.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.net.www.protocol.http", "DigestAuthentication", False, "computeDigest", "(boolean, String, char[], String, String, String, String, String, String)", "credential-password", "Argument[2]", "manual"] + - ["sun.net.www.protocol.http", "DigestAuthentication", False, "encode", "(String, char[], MessageDigest)", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.security.krb5.internal.crypto.dk.model.yml b/java/ql/lib/ext/sun.security.krb5.internal.crypto.dk.model.yml new file mode 100644 index 00000000000..008216241df --- /dev/null +++ b/java/ql/lib/ext/sun.security.krb5.internal.crypto.dk.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.krb5.internal.crypto.dk", "AesDkCrypto", False, "stringToKey", "(char[], String, byte[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5.internal.crypto.dk", "ArcFourCrypto", False, "stringToKey", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/sun.security.krb5.internal.crypto.model.yml b/java/ql/lib/ext/sun.security.krb5.internal.crypto.model.yml new file mode 100644 index 00000000000..14510ce06fe --- /dev/null +++ b/java/ql/lib/ext/sun.security.krb5.internal.crypto.model.yml @@ -0,0 +1,10 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.krb5.internal.crypto", "Aes128", False, "stringToKey", "(char[], String, byte[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5.internal.crypto", "Aes256", False, "stringToKey", "(char[], String, byte[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5.internal.crypto", "ArcFourHmac", False, "stringToKey", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5.internal.crypto", "Des", False, "char_to_key", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5.internal.crypto", "Des", False, "string_to_key_bytes", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/sun.security.krb5.model.yml b/java/ql/lib/ext/sun.security.krb5.model.yml new file mode 100644 index 00000000000..a2ed1e27508 --- /dev/null +++ b/java/ql/lib/ext/sun.security.krb5.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.krb5", "EncryptionKey", False, "EncryptionKey", "(char[], String, String)", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5", "EncryptionKey", False, "acquireSecretKey", "(PrincipalName, char[], int, SaltAndParams)", "credential-password", "Argument[1]", "manual"] + - ["sun.security.krb5", "EncryptionKey", False, "acquireSecretKey", "(char[], String, int, byte[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5", "EncryptionKey", False, "acquireSecretKeys", "(char[], String)", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5", "EncryptionKey", False, "stringToKey", "(char[], String, byte[], int)", "credential-password", "Argument[0]", "manual"] + - ["sun.security.krb5", "KrbAsRep", False, "decryptUsingPassword", "(char[], KrbAsReq, PrincipalName)", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/sun.security.pkcs11.model.yml b/java/ql/lib/ext/sun.security.pkcs11.model.yml new file mode 100644 index 00000000000..031c5606d79 --- /dev/null +++ b/java/ql/lib/ext/sun.security.pkcs11.model.yml @@ -0,0 +1,11 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.pkcs11", "P11KeyStore", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs11", "P11KeyStore", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs11", "P11KeyStore", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["sun.security.pkcs11", "P11KeyStore", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs11", "P11KeyStore$PasswordCallbackHandler", False, "PasswordCallbackHandler", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.pkcs11", "Secmod$KeyStoreLoadParameter", False, "KeyStoreLoadParameter", "(TrustType, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.security.pkcs12.model.yml b/java/ql/lib/ext/sun.security.pkcs12.model.yml new file mode 100644 index 00000000000..b415a158e01 --- /dev/null +++ b/java/ql/lib/ext/sun.security.pkcs12.model.yml @@ -0,0 +1,14 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "calculateMac", "(char[], byte[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "createEncryptedData", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "encryptContent", "(byte[], char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "getPBEKey", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.pkcs12", "PKCS12KeyStore", False, "loadSafeContents", "(DerInputStream, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.security.provider.model.yml b/java/ql/lib/ext/sun.security.provider.model.yml new file mode 100644 index 00000000000..e278e3eaf23 --- /dev/null +++ b/java/ql/lib/ext/sun.security.provider.model.yml @@ -0,0 +1,15 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.provider", "DomainKeyStore", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "DomainKeyStore", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "DomainKeyStore", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["sun.security.provider", "DomainKeyStore", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "JavaKeyStore", False, "engineGetKey", "(String, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "JavaKeyStore", False, "engineLoad", "(InputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "JavaKeyStore", False, "engineSetKeyEntry", "(String, Key, char[], Certificate[])", "credential-password", "Argument[2]", "manual"] + - ["sun.security.provider", "JavaKeyStore", False, "engineStore", "(OutputStream, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.provider", "JavaKeyStore", False, "getPreKeyedHash", "(char[])", "credential-password", "Argument[0]", "manual"] + - ["sun.security.provider", "KeyProtector", False, "KeyProtector", "(char[])", "credential-password", "Argument[0]", "manual"] diff --git a/java/ql/lib/ext/sun.security.ssl.model.yml b/java/ql/lib/ext/sun.security.ssl.model.yml new file mode 100644 index 00000000000..288b98aaa55 --- /dev/null +++ b/java/ql/lib/ext/sun.security.ssl.model.yml @@ -0,0 +1,8 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.ssl", "KeyManagerFactoryImpl$SunX509", False, "engineInit", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.ssl", "KeyManagerFactoryImpl$X509", False, "engineInit", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] + - ["sun.security.ssl", "SunX509KeyManagerImpl", False, "SunX509KeyManagerImpl", "(KeyStore, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.security.tools.keytool.model.yml b/java/ql/lib/ext/sun.security.tools.keytool.model.yml new file mode 100644 index 00000000000..f9f94064f81 --- /dev/null +++ b/java/ql/lib/ext/sun.security.tools.keytool.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.security.tools.keytool", "Main", False, "getNewPasswd", "(String, char[])", "credential-password", "Argument[1]", "manual"] diff --git a/java/ql/lib/ext/sun.tools.jconsole.model.yml b/java/ql/lib/ext/sun.tools.jconsole.model.yml new file mode 100644 index 00000000000..d071a909742 --- /dev/null +++ b/java/ql/lib/ext/sun.tools.jconsole.model.yml @@ -0,0 +1,18 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["sun.tools.jconsole", "ConnectDialog", False, "setConnectionParameters", "(String, String, int, String, String, String)", "credential-password", "Argument[4]", "manual"] + - ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String, boolean)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "JConsole", False, "addUrl", "(String, String, String, boolean)", "credential-password", "Argument[2]", "manual"] + - ["sun.tools.jconsole", "JConsole", False, "failed", "(Exception, String, String, String)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "JConsole", False, "showConnectDialog", "(String, String, int, String, String, String)", "credential-password", "Argument[4]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, String, String)", "credential-password", "Argument[2]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, String, String)", "credential-password", "Argument[2]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, String, String)", "credential-password", "Argument[2]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"] + - ["sun.tools.jconsole", "ProxyClient", False, "setParameters", "(JMXServiceURL, String, String)", "credential-password", "Argument[2]", "manual"]