Update MaD Declarations after Triage

2026-04-26 09:15:12 +02:00 · 2023-12-21 15:39:03 +01:00
parent 1b9f59efa7
commit a9d21cef01
4 changed files with 20 additions and 1 deletions
--- a/java/ql/lib/change-notes/2023-12-21-new-models.md
+++ b/java/ql/lib/change-notes/2023-12-21-new-models.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * io.undertow.server.handlers.resource
+  * java.awt
+  * javax.servlet.http
--- a/java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml
+++ b/java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["io.undertow.server.handlers.resource", "URLResource", True, "URLResource", "(URL,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
--- a/java/ql/lib/ext/java.awt.model.yml
+++ b/java/ql/lib/ext/java.awt.model.yml
@@ -6,7 +6,6 @@ extensions:
      - ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
      - ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "ReturnValue", "value", "manual"]
      - ["java.awt", "Container", True, "add", "(Component,Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
-
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
@@ -14,3 +13,8 @@ extensions:
      # The below APIs have numeric flow and are currently being stored as neutral models.
      # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
      - ["java.awt", "Insets", "Insets", "(int,int,int,int)", "summary", "manual"] # value-numeric
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.awt", "Desktop", True, "browse", "(URI)", "", "Argument[0]", "request-forgery", "ai-manual"]
--- a/java/ql/lib/ext/javax.servlet.http.model.yml
+++ b/java/ql/lib/ext/javax.servlet.http.model.yml
@@ -26,6 +26,7 @@ extensions:
      - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
      - ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"]
      - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
+      - ["javax.servlet.http", "HttpServletResponse", True, "sendRedirect", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"]
      - ["javax.servlet.http", "HttpSession", True, "putValue", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
      - ["javax.servlet.http", "HttpSession", True, "setAttribute", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
  - addsTo: