From 92ebb63b1f778ea65fa4d5e7018c1779c617bf4d Mon Sep 17 00:00:00 2001 From: Sauyon Lee Date: Wed, 23 Jun 2021 23:49:50 -0700 Subject: [PATCH] Model Spring AntPath utils --- .../src/semmle/code/java/frameworks/spring/SpringUtil.qll | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll b/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll index ef17e60a2ac..6b68f2a4331 100644 --- a/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll +++ b/java/ql/src/semmle/code/java/frameworks/spring/SpringUtil.qll @@ -11,6 +11,14 @@ module SpringUtil { private class FlowSummaries extends SummaryModelCsv { override predicate row(string row) { row = [ + "org.springframework.util;AntPathMatcher;false;combine;;;Argument[0..1];ReturnValue;taint", + "org.springframework.util;AntPathMatcher;false;doMatch;;;Argument[0];MapValue of Argument[2];taint", + "org.springframework.util;AntPathMatcher;false;extractPathWithinPattern;;;Argument[1];ReturnValue;taint", + "org.springframework.util;AntPathMatcher;false;extractUriTemplateVariables;;;Argument[1];MapValue of ReturnValue;taint", + // Return values here are arrays, but there's no value in adding `ArrayValue of` for taint, right? + "org.springframework.util;AntPathMatcher;false;tokenizePath;;;Argument[0];ReturnValue;taint", + "org.springframework.util;AntPathMatcher;false;tokenizePattern;;;Argument[0];ReturnValue;taint", + "org.springframework.util.AntPathMatcher;AntPathStringMatcher;false;matchStrings;;;Argument[0];MapValue of Argument[1];taint", "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,org.springframework.util.AutoPopulatingList.ElementFactory);;Element of Argument[0];Element of Argument[-1];value", "org.springframework.util;AutoPopulatingList;false;AutoPopulatingList;(java.util.List,java.lang.Class);;Element of Argument[0];Element of Argument[-1];value", "org.springframework.util;Base64Utils;false;decode;;;Argument[0];ReturnValue;taint",