hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 19:26:02 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #13903 from atorralba/atorralba/jaxrs-mad-models

Browse Source 
Java: New models for JAX-RS
This commit is contained in:
Tony Torralba
2023-08-24 11:43:13 +02:00
committed by GitHub
parent f996fa2f8b fb0102b763
commit 8c32919381
13 changed files with 382 additions and 248 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
java/ql/lib/change-notes/2023-08-07-jaxrs-new-models.md Normal file
View File

@@ -0,0 +1,4 @@
---
category: minorAnalysis
---
* Added more dataflow models for JAX-RS.

13
java/ql/lib/ext/jakarta.activation.model.yml Normal file
View File

@@ -0,0 +1,13 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["jakarta.activation", "FileDataSource", True, "FileDataSource", "", "", "Argument[0]", "path-injection", "manual"]
- ["jakarta.activation", "URLDataSource", True, "URLDataSource", "", "", "Argument[0]", "request-forgery", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["jakarta.activation", "DataSource", True, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["jakarta.activation", "DataSource", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]

7
java/ql/lib/ext/jakarta.xml.bind.attachment.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["jakarta.xml.bind.attachment", "AttachmentUnmarshaller", True, "getAttachmentAsDataHandler", "", "", "Parameter[0]", "remote", "manual"]
- ["jakarta.xml.bind.attachment", "AttachmentUnmarshaller", True, "getAttachmentAsByteArray", "", "", "Parameter[0]", "remote", "manual"]

18
java/ql/lib/ext/javax.activation.model.yml Normal file
View File

@@ -0,0 +1,18 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["javax.activation", "FileDataSource", True, "FileDataSource", "", "", "Argument[0]", "path-injection", "manual"]
- ["javax.activation", "URLDataSource", True, "URLDataSource", "", "", "Argument[0]", "request-forgery", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["javax.activation", "DataHandler", True, "getContent", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["javax.activation", "DataHandler", True, "getDataSource", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["javax.activation", "DataHandler", True, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["javax.activation", "DataHandler", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["javax.activation", "DataHandler", True, "writeTo", "(OutputStream)", "", "Argument[this]", "Argument[0]", "taint", "manual"]
- ["javax.activation", "DataSource", True, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["javax.activation", "DataSource", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]

7
java/ql/lib/ext/javax.xml.bind.attachment.model.yml Normal file
View File

@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["javax.xml.bind.attachment", "AttachmentUnmarshaller", True, "getAttachmentAsDataHandler", "", "", "Parameter[0]", "remote", "manual"]
- ["javax.xml.bind.attachment", "AttachmentUnmarshaller", True, "getAttachmentAsByteArray", "", "", "Parameter[0]", "remote", "manual"]