From a9bc23fa3e386462645909e1ff6026302079cba1 Mon Sep 17 00:00:00 2001
From: Michael Nebel
Date: Tue, 20 Jun 2023 11:47:23 +0200
Subject: [PATCH] Java: Add threat model configuration related extensible predicates and some initial tuples.
---
 .../supported-threat-models.model.yml | 7 +++++
 .../threat-model-grouping.model.yml | 25 +++++++++++++++
 java/ql/lib/qlpack.yml | 1 +
 .../dataflow/ExternalFlowConfiguration.qll | 31 +++++++++++++++++++
 4 files changed, 64 insertions(+)
 create mode 100644 java/ql/lib/ext/threatmodels/supported-threat-models.model.yml
 create mode 100644 java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml
 create mode 100644 java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
diff --git a/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml b/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml
new file mode 100644
index 00000000000..8c6c533228d
--- /dev/null
+++ b/java/ql/lib/ext/threatmodels/supported-threat-models.model.yml
@@ -0,0 +1,7 @@
+extensions:
+
+ - addsTo:
+ pack: codeql/java-all
+ extensible: supportedThreatModels
+ data:
+ - ["default"] # The "default" threat model is always included.
diff --git a/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml
new file mode 100644
index 00000000000..7f814fb0837
--- /dev/null
+++ b/java/ql/lib/ext/threatmodels/threat-model-grouping.model.yml
@@ -0,0 +1,25 @@
+extensions:
+
+ - addsTo:
+ pack: codeql/java-all
+ extensible: threatModelGrouping
+ data:
+ # Default threat model
+ - ["remote", "default"]
+ - ["uri-path", "default"]
+
+ # Android threat models
+ - ["android-widget", "android"]
+ - ["android-external-storage-dir", "android"]
+ - ["contentprovider", "android"]
+ - ["android-external-storage-dir", "android"]
+
+ # Remote threat models
+ - ["request", "remote"]
+ - ["response", "remote"]
+
+ # Local threat models
+ - ["database", "local"]
+ - ["cli", "local"]
+ - ["environment", "local"]
+ - ["file", "local"]
diff --git a/java/ql/lib/qlpack.yml b/java/ql/lib/qlpack.yml
index 29d751fb8e7..500fa0009ac 100644
--- a/java/ql/lib/qlpack.yml
+++ b/java/ql/lib/qlpack.yml
@@ -15,4 +15,5 @@ dataExtensions:
 - ext/*.model.yml
 - ext/generated/*.model.yml
 - ext/experimental/*.model.yml
+ - ext/threatmodels/*.model.yml
 warnOnImplicitThis: true
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
new file mode 100644
index 00000000000..a3bd7d158c2
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/ExternalFlowConfiguration.qll
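Review bot: The row `- ["android-external-storage-dir", "android"]` appears twice in the Android section of the grouping data; QL's set semantics make the duplicate harmless, but it reads like a copy-paste slip where a different kind was meant, so drop the second row or replace it with the intended kind. Only `remote` and `uri-path` are parented to `default`, while the `android` and `local` groups are not attached to any parent, so their kinds appear to stay inactive until a consumer adds a `supportedThreatModels` row for them. If that opt-in is deliberate, say so next to the section headers, e.g. `# Not part of "default"; enable by adding "android" to supportedThreatModels`, so a misconfiguration that silently drops these sources is recognisable as one.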
@@ -0,0 +1,31 @@
+/**
+ * INTERNAL use only. This is an experimental API subject to change without notice.
+ *
+ * This module provides extensible predicates for configuring which kinds of MaD models
+ * are applicable to generic queries.
+ */
+
+private import ExternalFlowExtensions
+
+/**
+ * Holds if the specified kind of source model is supported for the current query.
+ */
+extensible private predicate supportedThreatModels(string kind);
+
+/**
+ * Holds if the specified kind of source model is containted within the specified group.
+ */
+extensible private predicate threatModelGrouping(string kind, string group);
+
+/**
+ * Gets the threat models that are direct descendants of the specified kind/group.
+ */
+private string getChildThreatModel(string group) { threatModelGrouping(result, group) }
+
+/**
+ * Holds if the source model kind `kind` is relevant for generic queries
+ * under the current threat model configuration.
+ */
+predicate sourceModelKindConfig(string kind) {
+ exists(string group | supportedThreatModels(group) and kind = getChildThreatModel*(group))
+}
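Review bot: The QLDoc on `threatModelGrouping` misspells "contained" as `containted`; the line should read `* Holds if the specified kind of source model is contained within the specified group.`. The doc on `sourceModelKindConfig` should also spell out the consequence of the reflexive closure `getChildThreatModel*(group)`: every name listed in `supportedThreatModels` is itself accepted as a kind, so group names such as `remote` or `default` double as kinds, which is easy to miss from the predicate name alone. Because this predicate decides which sources generic queries consider, a misspelled or unknown name in a `supportedThreatModels` row matches nothing and silently narrows coverage rather than failing; a sentence to that effect in the module doc, e.g. `* Names that occur in neither column of threatModelGrouping are silently ignored.`, would help whoever next edits the model files.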