Merge pull request #16759 from michaelnebel/modelgen/sourcesinkmodelgen

C#/Java: Introduce source and sink model generation sanitisers.
2026-04-25 08:45:14 +02:00 · 2024-06-24 11:47:11 +02:00
parent a1743aa12e aa962f9b03
commit 94d12edfdb
10 changed files with 170 additions and 22 deletions
--- a/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml
+++ b/java/ql/test/utils/modelgenerator/dataflow/CaptureSourceModels.ext.yml
@@ -0,0 +1,7 @@
+extensions:
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - [ "p", "Sources", False, "source", "()", "", "ReturnValue", "test-source", "manual" ]
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java
@@ -64,4 +64,11 @@ public class Sinks {
  public void compoundPropgate(Sinks s) {
    s.fieldSink();
  }
+
+  // Not a new sink because a simple type is used in an intermediate step
+  // neutral=p;Sinks;wrapSinkSimpleType;(String);summary;df-generated
+  public void wrapSinkSimpleType(String s) {
+    Boolean b = s == "hello";
+    sink(b);
+  }
 }
--- a/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
+++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sources.java
@@ -8,6 +8,12 @@ import java.util.List;

 public class Sources {

+  // Defined as a source in the model file next to the test.
+  // neutral=p;Sources;source;();summary;df-generated
+  public String source() {
+    return "";
+  }
+
  // source=p;Sources;true;readUrl;(URL);;ReturnValue;remote;df-generated
  // sink=p;Sources;true;readUrl;(URL);;Argument[0];request-forgery;df-generated
  // neutral=p;Sources;readUrl;(URL);summary;df-generated
@@ -37,4 +43,27 @@ public class Sources {
    streams[0] = socket.accept().getInputStream();
    otherStreams.add(socket.accept().getInputStream());
  }
+
+  // Not a new source because a simple type is used in an intermediate step
+  // neutral=p;Sources;wrapSourceGetBool;();summary;df-generated
+  public Boolean wrapSourceGetBool() {
+    String s = source();
+    return s == "hello";
+  }
+
+  public class SourceReader {
+    @Override
+    public String toString() {
+      return source();
+    }
+  }
+
+  public class MyContainer<T> {
+    private T value;
+
+    // neutral=p;Sources$MyContainer;read;();summary;df-generated
+    public String read() {
+      return value.toString();
+    }
+  }
 }