hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add models for decode/encodePointer methods

Browse Source
This commit is contained in:
Chris Smowton
2021-07-13 11:10:46 +01:00
parent 2bd58d6ba7
commit 78fe0f810a
2 changed files with 30 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
View File

@@ -24,6 +24,8 @@ private class FlowSummaries extends SummaryModelCsv {
".json;Json;false;createReader;;;Argument[0];ReturnValue;taint", ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint",
".json;Json;false;createValue;;;Argument[0];ReturnValue;taint", ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint",
".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint", ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint",
".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint",
".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint",
".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint", ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value", ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint", ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",

28
java/ql/test/library-tests/frameworks/javax-json/Test.java
View File

@@ -223,6 +223,20 @@ public class Test {
out = jakarta.json.Json.createWriter(in); out = jakarta.json.Json.createWriter(in);
sink(out); // $hasTaintFlow sink(out); // $hasTaintFlow
} }
{
// "jakarta.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint"
String out = null;
String in = (String)source();
out = jakarta.json.Json.decodePointer(in);
sink(out); // $hasTaintFlow
}
{
// "jakarta.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint"
String out = null;
String in = (String)source();
out = jakarta.json.Json.encodePointer(in);
sink(out); // $hasTaintFlow
}
{ {
// "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" // "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint"
boolean out = false; boolean out = false;
@@ -1934,6 +1948,20 @@ public class Test {
out = javax.json.Json.createWriter(in); out = javax.json.Json.createWriter(in);
sink(out); // $hasTaintFlow sink(out); // $hasTaintFlow
} }
{
// "javax.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint"
String out = null;
String in = (String)source();
out = javax.json.Json.decodePointer(in);
sink(out); // $hasTaintFlow
}
{
// "javax.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint"
String out = null;
String in = (String)source();
out = javax.json.Json.encodePointer(in);
sink(out); // $hasTaintFlow
}
{ {
// "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint" // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint"
boolean out = false; boolean out = false;