improve yaml models

2026-04-19 22:14:01 +02:00 · 2023-05-17 16:40:28 +02:00
parent 7baf244ac6
commit b235b1cbb9
2 changed files with 30 additions and 4 deletions
--- a/java/ql/lib/ext/com.google.gson.model.yml
+++ b/java/ql/lib/ext/com.google.gson.model.yml
@@ -3,11 +3,38 @@ extensions:
      pack: codeql/java-all
      extensible: summaryModel
    data:
-      - ["com.google.gson", "Gson", False, "toJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["com.google.gson", "Gson", False, "toJsonTree", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["com.google.gson", "Gson", False, "toString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson", "Gson", False, "fromJson", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(JsonElement)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(JsonElement,JsonWriter)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(JsonElement,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(Object,Appendable)", "", "Argument[0]", "Argument[1]", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(Object,Type)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(Object,Type,Appendable)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJson", "(Object,Type,JsonWriter)", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJsonTree", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toJsonTree", "(Object,Type)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "Gson", False, "toString", "()", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson", "Gson", False, "newJsonReader", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson", "Gson", False, "newJsonWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson.stream", "JsonReader", False, "nextName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["com.google.gson.stream", "JsonReader", False, "nextString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsByte", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsCharacter", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsJsonArray", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsJsonObject", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "add", "", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "addProperty", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "asMap", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(Character)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
--- a/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/google/GsonSerializability.qll
@@ -53,7 +53,6 @@ class GsonDeserializableField extends DeserializableField {
    exists(GsonDeserializableType superType |
      superType = this.getDeclaringType().getAnAncestor() and
      not superType instanceof TypeObject and
-      // TODO: if we have the source, can we just track the flow through the backing fields?
      //superType.fromSource()
      not superType.(RefType).getPackage().getName().matches("java%")
    )