Merge pull request #14029 from atorralba/atorralba/apache-cxf-models

Java: Add new Apache CXF models
2026-04-27 09:45:15 +02:00 · 2023-09-18 10:54:05 +02:00
parent a3e2e420f0 25ac87279e
commit b08e410f45
32 changed files with 870 additions and 275 deletions
--- a/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md
+++ b/java/ql/lib/change-notes/2023-08-23-apache-cxf-models.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added new dataflow models for the Apache CXF framework.
--- a/java/ql/lib/ext/org.apache.cxf.catalog.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.catalog.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.catalog", "OASISCatalogManager", True, "loadCatalog", "(URL)", "", "Argument[0]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.common.classloader.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.common.classloader.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.common.classloader", "ClassLoaderUtils", True, "getResourceAsStream", "(String,Class)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.common.classloader", "ClassLoaderUtils", True, "getURLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "request-forgery", "manual"]
+      - ["org.apache.cxf.common.classloader", "ClassLoaderUtils", True, "getURLClassLoader", "(List,ClassLoader)", "", "Argument[0]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.common.jaxb.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.common.jaxb.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.common.jaxb", "JAXBUtils", True, "createFileCodeWriter", "", "", "Argument[0]", "path-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.common.logging.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.common.logging.model.yml
@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String)", "", "Argument[2]", "log-injection", "manual"]
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String,Object)", "", "Argument[2]", "log-injection", "manual"]
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String,Object[])", "", "Argument[2]", "log-injection", "manual"]
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String,Throwable)", "", "Argument[2]", "log-injection", "manual"]
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String,Throwable,Object)", "", "Argument[2]", "log-injection", "manual"]
+      - ["org.apache.cxf.common.logging", "LogUtils", True, "log", "(Logger,Level,String,Throwable,Object[])", "", "Argument[2]", "log-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.configuration.jsse.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.configuration.jsse.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.configuration.jsse", "SSLUtils", True, "loadFile", "(String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.configuration.jsse", "TLSClientParameters", True, "setHostnameVerifier", "(HostnameVerifier)", "", "Argument[0]", "hostname-verification", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.feature.transform.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.feature.transform.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.transform", "XSLTUtils", True, "transform", "(Templates,InputStream)", "", "Argument[0]", "xslt-injection", "manual"]
+      - ["org.apache.cxf.transform", "XSLTUtils", True, "transform", "(Templates,Reader)", "", "Argument[0]", "xslt-injection", "manual"]
+      - ["org.apache.cxf.transform", "XSLTUtils", True, "transform", "(Templates,Document)", "", "Argument[0]", "xslt-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.helpers.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.helpers.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.helpers", "FileUtils", True, "delete", "(File)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.helpers", "FileUtils", True, "delete", "(File,boolean)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.helpers", "FileUtils", True, "mkdir", "(File)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.helpers", "FileUtils", True, "readLines", "(File)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.helpers", "FileUtils", True, "removeDir", "(File)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.helpers", "XPathUtils", True, "getValue", "(String,Node,QName)", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["org.apache.cxf.helpers", "XPathUtils", True, "getValueList", "(String,Node)", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["org.apache.cxf.helpers", "XPathUtils", True, "getValueNode", "(String,Node)", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["org.apache.cxf.helpers", "XPathUtils", True, "getValueString", "(String,Node)", "", "Argument[0]", "xpath-injection", "manual"]
+      - ["org.apache.cxf.helpers", "XPathUtils", True, "isExist", "(String,Node,QName)", "", "Argument[0]", "xpath-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.resource.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.resource.model.yml
@@ -0,0 +1,14 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.resource", "ExtendedURIResolver", True, "resolve", "(String,String)", "", "Argument[0]", "request-forgery", "manual"]
+      - ["org.apache.cxf.resource", "ExtendedURIResolver", True, "resolve", "(String,String)", "", "Argument[1]", "path-injection", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "URIResolver", "(String)", "", "Argument[0]", "request-forgery", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "URIResolver", "(String,String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "URIResolver", "(String,String)", "", "Argument[1]", "request-forgery", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "URIResolver", "(String,String,Class)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "URIResolver", "(String,String,Class)", "", "Argument[1]", "request-forgery", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "resolve", "(String,String,Class)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.resource", "URIResolver", True, "resolve", "(String,String,Class)", "", "Argument[1]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.staxutils.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.staxutils.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.staxutils", "StaxUtils", True, "read", "(File)", "", "Argument[0]", "path-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.tools.corba.utils.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.tools.corba.utils.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.tools.corba.utils", "FileOutputStreamFactory", true, "FileOutputStreamFactory", "(String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.corba.utils", "FileOutputStreamFactory", true, "FileOutputStreamFactory", "(String,FileOutputStreamFactory)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.corba.utils", "OutputStreamFactory", true, "createOutputStream", "(String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.corba.utils", "OutputStreamFactory", true, "createOutputStream", "(String,String)", "", "Argument[0..1]", "path-injection", "manual"]
--- a/java/ql/lib/ext/org.apache.cxf.tools.util.model.yml
+++ b/java/ql/lib/ext/org.apache.cxf.tools.util.model.yml
@@ -0,0 +1,15 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "FileWriterUtil", "(String,OutputStreamCreator)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "buildDir", "(String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getFileToWrite", "(String,String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getFileToWrite", "(String,String)", "", "Argument[1]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getWriter", "(File,String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getWriter", "(String,String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getWriter", "(String,String)", "", "Argument[1]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getWriter", "(String,String,String)", "", "Argument[0]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "FileWriterUtil", True, "getWriter", "(String,String,String)", "", "Argument[1]", "path-injection", "manual"]
+      - ["org.apache.cxf.tools.util", "OutputStreamCreator", true, "createOutputStream", "(File)", "", "Argument[0]", "path-injection", "manual"]