Update MaD Declarations after Triage

java/ql/lib/change-notes/2023-06-13-new-models.md

@@ -0,0 +1,13 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.alibaba.fastjson2
+  * jakarta.ws.rs.core
+  * javax.management
+  * javax.script
+  * org.apache.commons.cli
+  * org.apache.dubbo.rpc.cluster.router.state
+  * org.apache.http.client.utils
+  * org.hibernate.internal.util.collections

java/ql/lib/ext/com.alibaba.fastjson2.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.alibaba.fastjson2", "JSON", False, "parseArray", "(String,Class)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"]

java/ql/lib/ext/jakarta.ws.rs.core.model.yml

@@ -3,6 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["jakarta.ws.rs.core", "Response", False, "created", "(URI)", "", "Argument[0]", "request-forgery", "ai-manual"] # it's unclear whether this does some sanitization (in which case it's likely a negative)
       - ["jakarta.ws.rs.core", "Response", True, "seeOther", "", "", "Argument[0]", "url-redirection", "manual"]
       - ["jakarta.ws.rs.core", "Response", True, "temporaryRedirect", "", "", "Argument[0]", "url-redirection", "manual"]
   - addsTo:

java/ql/lib/ext/javax.management.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["javax.management", "ObjectName", True, "ObjectName", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]

java/ql/lib/ext/javax.script.model.yml

@@ -3,4 +3,5 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+# suggested label is not supported:      - ["javax.script", "Compilable", True, "compile", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
       - ["javax.script", "CompiledScript", False, "eval", "", "", "Argument[this]", "mvel-injection", "manual"]

java/ql/lib/ext/org.apache.commons.cli.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.cli", "DefaultParser", True, "parse", "(Options,String[])", "", "Argument[1]", "path-injection", "ai-manual"]

java/ql/lib/ext/org.apache.dubbo.rpc.cluster.router.state.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.dubbo.rpc.cluster.router.state", "AbstractStateRouter", True, "setUrl", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"]

java/ql/lib/ext/org.apache.http.client.utils.model.yml

@@ -3,6 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
+      - ["org.apache.http.client.utils", "URIBuilder", True, "setPort", "(int)", "", "Argument[undefined]", "ReturnValue", "taint", "ai-manual"] # actually a value step
       - ["org.apache.http.client.utils", "URIBuilder", True, "URIBuilder", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
       - ["org.apache.http.client.utils", "URIBuilder", True, "URIBuilder", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
       - ["org.apache.http.client.utils", "URIBuilder", True, "URIBuilder", "(URI,Charset)", "", "Argument[0]", "Argument[this]", "taint", "hq-manual"]

java/ql/lib/ext/org.hibernate.internal.util.collections.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.hibernate.internal.util.collections", "Stack", True, "push", "(Statement)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]