hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 11:15:13 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: Manually model ZipFile (due to CWE-522 compression bombs test failure).

Browse Source
This commit is contained in:
Michael Nebel
2024-10-03 11:27:28 +02:00
parent f537e04532
commit b356c3cd48
5 changed files with 24 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
java/ql/lib/ext/java.util.zip.model.yml
View File

@@ -5,7 +5,20 @@ extensions:
data:
- ["java.util.zip", "GZIPInputStream", False, "GZIPInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(File)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(File,Charset)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(File,int)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(File,int,Charset)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "ZipFile", "(String,Charset)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "entries", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "getComment", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "getEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "getEntry", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "getInputStream", "(ZipEntry)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.util.zip", "ZipFile", True, "getInputStream", "(ZipEntry)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipFile", True, "stream", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.util.zip", "ZipInputStream", False, "ZipInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- addsTo:
pack: codeql/java-all