Java: switch to createRelative sink and add UrlPathHelper sources

2025-12-17 01:03:14 +01:00 · 2023-11-27 17:46:13 -05:00
parent efa5ab18c1
commit ba3548b317
3 changed files with 15 additions and 15 deletions
--- a/java/ql/lib/ext/org.springframework.cloud.config.server.environment.model.yml
+++ b/java/ql/lib/ext/org.springframework.cloud.config.server.environment.model.yml
@@ -1,7 +0,0 @@
-extensions:
-  - addsTo:
-      pack: codeql/java-all
-      extensible: summaryModel
-    data:
-      - ["org.springframework.cloud.config.server.environment", "SearchPathLocator", True, "getLocations", "(String,String,String)", "", "Argument[0..2]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.cloud.config.server.environment", "SearchPathLocator$Locations", True, "getLocations", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
--- a/java/ql/lib/ext/org.springframework.core.io.model.yml
+++ b/java/ql/lib/ext/org.springframework.core.io.model.yml
@@ -3,5 +3,6 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+      - ["org.springframework.core.io", "Resource", True, "createRelative", "(String)", "", "Argument[0]", "path-injection", "manual"]
      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
      - ["org.springframework.core.io", "ResourceLoader", True, "getResource", "(String)", "", "Argument[0]", "request-forgery", "manual"]
--- a/java/ql/lib/ext/org.springframework.web.util.model.yml
+++ b/java/ql/lib/ext/org.springframework.web.util.model.yml
@@ -1,4 +1,18 @@
 extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getLookupPathForRequest", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "ReturnValue", "remote", "manual"]
+      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "ReturnValue", "remote", "manual"]
+
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
@@ -147,15 +161,7 @@ extensions:
      - ["org.springframework.web.util", "UrlPathHelper", False, "decodeRequestString", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "getContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingContextPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingQueryString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getOriginatingRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinApplication", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getPathWithinServletMapping", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getRequestUri", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getResolvedLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "getServletPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "UrlPathHelper", False, "removeSemicolonContent", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["org.springframework.web.util", "UrlPathHelper", False, "resolveAndCacheLookupPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(Map,String)", "", "Argument[0].MapValue", "ReturnValue", "value", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "findParameterValue", "(ServletRequest,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
      - ["org.springframework.web.util", "WebUtils", False, "getCookie", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]