Merge branch 'main' into fix/update-gson-model

2026-04-28 02:05:14 +02:00 · 2023-12-15 10:15:53 -08:00
parent aab7ff919e dc9c538fcc
commit 95ce7c9ba4
1693 changed files with 115799 additions and 60952 deletions
--- a/java/ql/lib/ext/java.security.spec.model.yml
+++ b/java/ql/lib/ext/java.security.spec.model.yml
@@ -3,6 +3,11 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+      - ["java.security.spec", "DSAPrivateKeySpec", False, "DSAPrivateKeySpec", "", "", "Argument[0..3]", "credentials-key", "manual"]
+      - ["java.security.spec", "ECPrivateKeySpec", False, "ECPrivateKeySpec", "", "", "Argument[0]", "credentials-key", "manual"]
      - ["java.security.spec", "EncodedKeySpec", False, "EncodedKeySpec", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["java.security.spec", "PKCS8EncodedKeySpec", False, "PKCS8EncodedKeySpec", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
+      - ["java.security.spec", "RSAMultiPrimePrivateCrtKeySpec", False, "RSAMultiPrimePrivateCrtKeySpec", "", "", "Argument[2]", "credentials-key", "manual"]
+      - ["java.security.spec", "RSAPrivateCrtKeySpec", False, "RSAPrivateCrtKeySpec", "", "", "Argument[2]", "credentials-key", "manual"]
+      - ["java.security.spec", "RSAPrivateKeySpec", False, "RSAPrivateKeySpec", "", "", "Argument[1]", "credentials-key", "manual"]
      - ["java.security.spec", "X509EncodedKeySpec", False, "X509EncodedKeySpec", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
--- a/java/ql/lib/ext/javax.crypto.spec.model.yml
+++ b/java/ql/lib/ext/javax.crypto.spec.model.yml
@@ -11,9 +11,6 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
-      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[])", "", "Argument[0]", "credentials-password", "hq-generated"]
-      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[],byte[],int)", "", "Argument[0]", "credentials-password", "hq-generated"]
-      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[],byte[],int,int)", "", "Argument[0]", "credentials-password", "hq-generated"]
      - ["javax.crypto.spec", "DESKeySpec", False, "DESKeySpec", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["javax.crypto.spec", "DESKeySpec", False, "DESKeySpec", "(byte[],int)", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["javax.crypto.spec", "DESKeySpec", False, "isParityAdjusted", "(byte[],int)", "", "Argument[0]", "credentials-key", "hq-generated"]
@@ -21,5 +18,11 @@ extensions:
      - ["javax.crypto.spec", "DESedeKeySpec", False, "DESedeKeySpec", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["javax.crypto.spec", "DESedeKeySpec", False, "DESedeKeySpec", "(byte[],int)", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["javax.crypto.spec", "DESedeKeySpec", False, "isParityAdjusted", "(byte[],int)", "", "Argument[0]", "credentials-key", "hq-generated"]
+      - ["javax.crypto.spec", "DHPrivateKeySpec", False, "DHPrivateKeySpec", "", "", "Argument[0]", "credentials-key", "manual"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "", "", "Argument[1]", "encryption-salt", "manual"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[])", "", "Argument[0]", "credentials-password", "hq-generated"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[],byte[],int)", "", "Argument[0]", "credentials-password", "hq-generated"]
+      - ["javax.crypto.spec", "PBEKeySpec", False, "PBEKeySpec", "(char[],byte[],int,int)", "", "Argument[0]", "credentials-password", "hq-generated"]
+      - ["javax.crypto.spec", "PBEParameterSpec", False, "PBEParameterSpec", "", "", "Argument[0]", "encryption-salt", "manual"]
      - ["javax.crypto.spec", "SecretKeySpec", False, "SecretKeySpec", "(byte[],String)", "", "Argument[0]", "credentials-key", "hq-generated"]
      - ["javax.crypto.spec", "SecretKeySpec", False, "SecretKeySpec", "(byte[],int,int,String)", "", "Argument[0]", "credentials-key", "hq-generated"]
--- a/java/ql/lib/ext/org.springframework.core.io.model.yml
+++ b/java/ql/lib/ext/org.springframework.core.io.model.yml
@@ -3,5 +3,6 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+      - ["org.springframework.core.io", "Resource", True, "createRelative", "(String)", "", "Argument[0]", "path-injection", "manual"]
      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.springframework.web.util.model.yml
+++ b/java/ql/lib/ext/org.springframework.web.util.model.yml
@@ -1,4 +1,18 @@
 extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getLookupPathForRequest", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "ReturnValue", "remote", "manual"]
+
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
@@ -147,15 +161,7 @@ extensions:
      - ["org.springframework.web.util", "UrlPathHelper", False, "decodeRequestString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "getContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "removeSemicolonContent", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(Map,String)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(ServletRequest,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "getCookie", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
--- a/java/ql/lib/ext/struts2.model.yml
+++ b/java/ql/lib/ext/struts2.model.yml
@@ -39,30 +39,19 @@ extensions:
      - ["com.opensymphony.xwork2", "ActionSupport", true, "getFormatted", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[0]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,List)", "", "Argument[1]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String)", "", "Argument[1]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[1]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[2]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List)", "", "Argument[this]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,List,ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[1]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String)", "", "Argument[2]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[2]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[])", "", "Argument[this]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[1]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[2]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String,String[],ValueStack)", "", "Argument[this]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[0]", "ognl-injection", "manual"]
-      - ["com.opensymphony.xwork2", "TextProvider", true, "getText", "(String,String[])", "", "Argument[1]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[0]", "ognl-injection", "manual"]
      - ["com.opensymphony.xwork2", "TextProvider", true, "hasKey", "(String)", "", "Argument[this]", "ognl-injection", "manual"]
      - ["org.apache.struts2.util", "StrutsUtil", true, "findString", "(String)", "", "Argument[0]", "ognl-injection", "manual"]