diff --git a/java/ql/lib/change-notes/2024-01-31-new-models.md b/java/ql/lib/change-notes/2024-01-31-new-models.md new file mode 100644 index 00000000000..f57b06ecac9 --- /dev/null +++ b/java/ql/lib/change-notes/2024-01-31-new-models.md @@ -0,0 +1,30 @@ +--- +category: minorAnalysis +--- +* Added models for the following packages: + + * android.app + * io.grpc + * java.io + * java.lang + * java.net + * java.net.http + * java.nio.file + * java.util.jar + * java.util.zip + * javax.annotation.processing + * javax.servlet + * javax.xml.parsers + * kotlin.io + * me.chanjar.weixin.common.util.http + * org.apache.beam.runners.core.construction + * org.apache.commons.io + * org.apache.directory.server.kerberos.shared.keytab + * org.apache.flink.runtime.rest.handler.router + * org.apache.hadoop.fs + * org.apache.hadoop.fs.s3a + * org.apache.http.impl.client + * org.eclipse.jetty.client + * org.eclipse.jetty.util.ssl + * org.gradle.api.file + * org.keycloak.testsuite.cli.exec diff --git a/java/ql/lib/ext/android.app.model.yml b/java/ql/lib/ext/android.app.model.yml index d7a236871a7..bf82aa4cec5 100644 --- a/java/ql/lib/ext/android.app.model.yml +++ b/java/ql/lib/ext/android.app.model.yml @@ -6,6 +6,7 @@ extensions: - ["android.app", "Activity", True, "bindService", "", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "Activity", True, "bindServiceAsUser", "", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "Activity", True, "setResult", "(int,Intent)", "", "Argument[1]", "pending-intents", "manual"] + - ["android.app", "Activity", True, "startActivity", "(Intent)", "", "Argument[0]", "intent-redirection", "ai-manual"] - ["android.app", "Activity", True, "startActivityAsCaller", "", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int)", "", "Argument[0]", "intent-redirection", "manual"] - ["android.app", "Activity", True, "startActivityForResult", "(Intent,int,Bundle)", "", "Argument[0]", "intent-redirection", "manual"] diff --git a/java/ql/lib/ext/io.grpc.model.yml b/java/ql/lib/ext/io.grpc.model.yml new file mode 100644 index 00000000000..7c66e2b23bf --- /dev/null +++ b/java/ql/lib/ext/io.grpc.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["io.grpc", "ManagedChannelBuilder", False, "forAddress", "(String,int)", "", Argument[0], "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 1bd9251c29d..0fe99bba86c 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -10,6 +10,7 @@ extensions: - ["java.io", "File", True, "createNewFile", "()", "", "Argument[this]", "path-injection", "ai-manual"] - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[this]", "path-injection", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "path-injection", "manual"] @@ -132,4 +133,4 @@ extensions: pack: codeql/java-all extensible: sourceModel data: - - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"] \ No newline at end of file + - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index e5ee383c522..8a257e51048 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -5,6 +5,10 @@ extensions: data: - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", False, "getSystemResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] @@ -14,6 +18,7 @@ extensions: - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-manual"] - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] - ["java.lang", "ProcessBuilder", False, "redirectError", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "ProcessBuilder", False, "redirectOutput", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.lang", "Runtime", True, "exec", "(String)", "", "Argument[0]", "command-injection", "ai-manual"] - ["java.lang", "Runtime", True, "exec", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] - ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.net.http.model.yml b/java/ql/lib/ext/java.net.http.model.yml index 9fc18d2eaab..b920eb3da08 100644 --- a/java/ql/lib/ext/java.net.http.model.yml +++ b/java/ql/lib/ext/java.net.http.model.yml @@ -8,5 +8,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["java.net.http", "HttpClient", True, "send", "(HttpRequest,HttpResponse$BodyHandler)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["java.net.http", "HttpRequest", False, "newBuilder", "", "", "Argument[0]", "request-forgery", "manual"] - ["java.net.http", "HttpRequest$Builder", False, "uri", "", "", "Argument[0]", "request-forgery", "manual"] diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml index bdc40590fde..c33cd0e83a5 100644 --- a/java/ql/lib/ext/java.net.model.yml +++ b/java/ql/lib/ext/java.net.model.yml @@ -10,6 +10,7 @@ extensions: extensible: sinkModel data: - ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,InetAddress,int)", "", "Argument[2]", "request-forgery", "ai-manual"] + - ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,InetAddress,int)", "", "Argument[3]", "request-forgery", "ai-manual"] - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String,char[])", "", "Argument[1]", "credentials-password", "hq-generated"] - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"] @@ -39,6 +40,8 @@ extensions: - ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] - ["java.net", "URI", False, "resolve", "(URI)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] - ["java.net", "URI", False, "URI", "(String,String,String,int,String,String,String)", "", "Argument[5]", "Argument[this].SyntheticField[java.net.URI.query]", "taint", "ai-manual"] + - ["java.net", "URI", False, "URI", "(String,String,String,int,String,String,String)", "", Argument[4], "ReturnValue", "taint", "ai-manual"] + - ["java.net", "URI", False, "URI", "(String,String,String)", "", Argument[1], "ReturnValue", "taint", "ai-manual"] - ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 3c77c876eee..567859f47ae 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -67,6 +67,7 @@ extensions: - ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "FileSystems", False, "getFileSystem", "(URI)", "", Argument[0], "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Path", True, "getFileName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] @@ -81,6 +82,7 @@ extensions: - ["java.nio.file", "Path", False, "toFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Path", True, "toUri", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] + - ["java.nio.file", "Paths", False, "get", "(String,String[])", "", Argument[1], "ReturnValue", "taint", "ai-manual"] - ["java.nio.file", "Paths", True, "get", "", "", "Argument[0]", "ReturnValue", "taint", "manual"] - ["java.nio.file", "Paths", True, "get", "", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # Not supported by current lambda flow diff --git a/java/ql/lib/ext/java.util.jar.model.yml b/java/ql/lib/ext/java.util.jar.model.yml new file mode 100644 index 00000000000..6d5c5908a7c --- /dev/null +++ b/java/ql/lib/ext/java.util.jar.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["java.util.jar", "JarOutputStream", True, "putNextEntry", "(ZipEntry)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.util.zip.model.yml b/java/ql/lib/ext/java.util.zip.model.yml index 577e6b35723..29c51d5def7 100644 --- a/java/ql/lib/ext/java.util.zip.model.yml +++ b/java/ql/lib/ext/java.util.zip.model.yml @@ -5,6 +5,7 @@ extensions: data: - ["java.util.zip", "GZIPInputStream", False, "GZIPInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - ["java.util.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"] + - ["java.util.zip", "ZipFile", True, "getInputStream", "(ZipEntry)", "", Argument[0], "ReturnValue", "taint", "ai-manual"] - ["java.util.zip", "ZipInputStream", False, "ZipInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] - addsTo: pack: codeql/java-all diff --git a/java/ql/lib/ext/javax.annotation.processing.model.yml b/java/ql/lib/ext/javax.annotation.processing.model.yml new file mode 100644 index 00000000000..b7d189f1b4d --- /dev/null +++ b/java/ql/lib/ext/javax.annotation.processing.model.yml @@ -0,0 +1,7 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.annotation.processing", "Filer", True, "createResource", "(JavaFileManager$Location,CharSequence,CharSequence,Element[])", "", Argument[0], "ReturnValue", "taint", "ai-manual"] + - ["javax.annotation.processing", "Filer", True, "createResource", "(JavaFileManager$Location,CharSequence,CharSequence,Element[])", "", Argument[2], "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml index 7d7f432d2bd..acd9bb6a6d4 100644 --- a/java/ql/lib/ext/javax.servlet.model.yml +++ b/java/ql/lib/ext/javax.servlet.model.yml @@ -9,9 +9,13 @@ extensions: - ["javax.servlet", "ServletRequest", False, "getParameterNames", "()", "", "ReturnValue", "remote", "manual"] - ["javax.servlet", "ServletRequest", False, "getParameterValues", "(String)", "", "ReturnValue", "remote", "manual"] - ["javax.servlet", "ServletRequest", False, "getReader", "()", "", "ReturnValue", "remote", "manual"] - - addsTo: pack: codeql/java-all extensible: sinkModel data: - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - addsTo: + pack: codeql/java-all + extensible: summaryModel + data: + - ["javax.servlet", "ServletRequest", True, "getParameter", "(String)", "", Argument[0], "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/javax.xml.parsers.model.yml b/java/ql/lib/ext/javax.xml.parsers.model.yml new file mode 100644 index 00000000000..d39a28f5942 --- /dev/null +++ b/java/ql/lib/ext/javax.xml.parsers.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["javax.xml.parsers", "DocumentBuilder", True, "parse", "(InputSource)", "", "Argument[0]", "xxe", "ai-manual"] diff --git a/java/ql/lib/ext/kotlin.io.model.yml b/java/ql/lib/ext/kotlin.io.model.yml index b748e04a292..c65862f6eac 100644 --- a/java/ql/lib/ext/kotlin.io.model.yml +++ b/java/ql/lib/ext/kotlin.io.model.yml @@ -3,6 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["kotlin.io", "FilesKt", False, "appendText$default", "(File,String,Charset,int,Object)", "", "Argument[0]", "path-injection", "ai-manual"] - ["kotlin.io", "FilesKt", False, "deleteRecursively", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/me.chanjar.weixin.common.util.http.model.yml b/java/ql/lib/ext/me.chanjar.weixin.common.util.http.model.yml new file mode 100644 index 00000000000..c7875960647 --- /dev/null +++ b/java/ql/lib/ext/me.chanjar.weixin.common.util.http.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["me.chanjar.weixin.common.util.http", "RequestExecutor", True, "execute", "(String,Object,WxType)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.beam.runners.core.construction.model.yml b/java/ql/lib/ext/org.apache.beam.runners.core.construction.model.yml new file mode 100644 index 00000000000..49823a80466 --- /dev/null +++ b/java/ql/lib/ext/org.apache.beam.runners.core.construction.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.beam.runners.core.construction", "Environments", False, "createProcessEnvironment", "(String,String,String,Map)", "", "Argument[2]", "command-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml index 20de13c5366..fccecd72912 100644 --- a/java/ql/lib/ext/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/org.apache.commons.io.model.yml @@ -21,6 +21,7 @@ extensions: - ["org.apache.commons.io", "FileUtils", False, "forceMkdir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["org.apache.commons.io", "FileUtils", False, "moveDirectory", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["org.apache.commons.io", "FileUtils", False, "readFileToByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.commons.io", "FileUtils", False, "readFileToString", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - ["org.apache.commons.io", "FileUtils", False, "writeLines", "(File,String,Collection,String)", "", "Argument[3]", "file-content-store", "ai-manual"] - ["org.apache.commons.io", "FileUtils", False, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[1]", "file-content-store", "ai-manual"] - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.directory.server.kerberos.shared.keytab.model.yml b/java/ql/lib/ext/org.apache.directory.server.kerberos.shared.keytab.model.yml new file mode 100644 index 00000000000..f85619fe703 --- /dev/null +++ b/java/ql/lib/ext/org.apache.directory.server.kerberos.shared.keytab.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.directory.server.kerberos.shared.keytab", "Keytab", True, "write", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.flink.runtime.rest.handler.router.model.yml b/java/ql/lib/ext/org.apache.flink.runtime.rest.handler.router.model.yml new file mode 100644 index 00000000000..215b5d53a8d --- /dev/null +++ b/java/ql/lib/ext/org.apache.flink.runtime.rest.handler.router.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.flink.runtime.rest.handler.router", "MethodlessRouter", False, "route", "(String,String,Map,String[])", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml index ba819b73776..79dab1de37b 100644 --- a/java/ql/lib/ext/org.apache.hadoop.fs.model.yml +++ b/java/ql/lib/ext/org.apache.hadoop.fs.model.yml @@ -13,3 +13,10 @@ extensions: - ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] - ["org.apache.hadoop.fs", "Path", True, "Path", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"] + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.hadoop.fs", "FileSystem", True, "makeQualified", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.hadoop.fs", "FileSystem", True, "rename", "(Path,Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.hadoop.fs", "FileSystem", True, "rename", "(Path,Path)", "", "Argument[1]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.hadoop.fs.s3a.model.yml b/java/ql/lib/ext/org.apache.hadoop.fs.s3a.model.yml new file mode 100644 index 00000000000..4d5d9484335 --- /dev/null +++ b/java/ql/lib/ext/org.apache.hadoop.fs.s3a.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.apache.hadoop.fs.s3a", "WriteOperationHelper", True, "createPutObjectRequest", "(String,File)", "", "Argument[1]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.http.impl.client.model.yml b/java/ql/lib/ext/org.apache.http.impl.client.model.yml index be517e5344f..6f407ac3682 100644 --- a/java/ql/lib/ext/org.apache.http.impl.client.model.yml +++ b/java/ql/lib/ext/org.apache.http.impl.client.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["org.apache.http.impl.client", "CloseableHttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["org.apache.http.impl.client", "RequestWrapper", True, "setURI", "(URI)", "", "Argument[0]", "request-forgery", "hq-manual"] diff --git a/java/ql/lib/ext/org.eclipse.jetty.client.model.yml b/java/ql/lib/ext/org.eclipse.jetty.client.model.yml index 28c3430e818..bd3b4f58e72 100644 --- a/java/ql/lib/ext/org.eclipse.jetty.client.model.yml +++ b/java/ql/lib/ext/org.eclipse.jetty.client.model.yml @@ -3,4 +3,5 @@ extensions: pack: codeql/java-all extensible: sinkModel data: + - ["org.eclipse.jetty.client", "HttpClient", True, "GET", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["org.eclipse.jetty.client", "HttpClient", True, "newRequest", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.eclipse.jetty.util.ssl.model.yml b/java/ql/lib/ext/org.eclipse.jetty.util.ssl.model.yml new file mode 100644 index 00000000000..d4d796939d3 --- /dev/null +++ b/java/ql/lib/ext/org.eclipse.jetty.util.ssl.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.eclipse.jetty.util.ssl", "SslContextFactory", True, "newSSLEngine", "(InetSocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"] diff --git a/java/ql/lib/ext/org.gradle.api.file.model.yml b/java/ql/lib/ext/org.gradle.api.file.model.yml index 4f492cdbcbc..7123cd0d0ca 100644 --- a/java/ql/lib/ext/org.gradle.api.file.model.yml +++ b/java/ql/lib/ext/org.gradle.api.file.model.yml @@ -4,4 +4,5 @@ extensions: extensible: summaryModel data: - ["org.gradle.api.file", "Directory", True, "getAsFile", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] + - ["org.gradle.api.file", "DirectoryProperty", True, "dir", "(String)", "", Argument[0], "ReturnValue", "taint", "ai-manual"] - ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"] diff --git a/java/ql/lib/ext/org.keycloak.testsuite.cli.exec.model.yml b/java/ql/lib/ext/org.keycloak.testsuite.cli.exec.model.yml new file mode 100644 index 00000000000..cee20360b6a --- /dev/null +++ b/java/ql/lib/ext/org.keycloak.testsuite.cli.exec.model.yml @@ -0,0 +1,6 @@ +extensions: + - addsTo: + pack: codeql/java-all + extensible: sinkModel + data: + - ["org.keycloak.testsuite.cli.exec", "AbstractExecBuilder", True, "argsLine", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]