mirror of
https://github.com/github/codeql.git
synced 2025-12-20 18:56:32 +01:00
Merge pull request #5751 from aschackmull/java/collection-flow
Java: Convert all collection and array steps from taint flow to value flow.
This commit is contained in:
Anders Schack-Mulligen
5
java/change-notes/2021-06-01-collection-flow.md
Normal file
5
java/change-notes/2021-06-01-collection-flow.md
Normal file
@@ -0,0 +1,5 @@
|
|||||||
|
lgtm,codescanning
|
||||||
|
* Data flow now tracks steps through collections and arrays more precisely.
|
||||||
|
That means that collection and array read steps are now matched up with
|
||||||
|
preceding store steps. This results in increased precision for all flow-based
|
||||||
|
queries, in particular most of the security queries.
|
||||||
@@ -75,6 +75,7 @@ private import FlowSummary
|
|||||||
* ensuring that they are visible to the taint tracking / data flow library.
|
* ensuring that they are visible to the taint tracking / data flow library.
|
||||||
*/
|
*/
|
||||||
private module Frameworks {
|
private module Frameworks {
|
||||||
|
private import internal.ContainerFlow
|
||||||
private import semmle.code.java.frameworks.ApacheHttp
|
private import semmle.code.java.frameworks.ApacheHttp
|
||||||
private import semmle.code.java.frameworks.apache.Lang
|
private import semmle.code.java.frameworks.apache.Lang
|
||||||
private import semmle.code.java.frameworks.guava.Guava
|
private import semmle.code.java.frameworks.guava.Guava
|
||||||
@@ -482,7 +483,7 @@ module CsvValidation {
|
|||||||
not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
|
not namespace.regexpMatch("[a-zA-Z0-9_\\.]+") and
|
||||||
msg = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
|
msg = "Dubious namespace \"" + namespace + "\" in " + pred + " model."
|
||||||
or
|
or
|
||||||
not type.regexpMatch("[a-zA-Z0-9_\\$]+") and
|
not type.regexpMatch("[a-zA-Z0-9_\\$<>]+") and
|
||||||
msg = "Dubious type \"" + type + "\" in " + pred + " model."
|
msg = "Dubious type \"" + type + "\" in " + pred + " model."
|
||||||
or
|
or
|
||||||
not name.regexpMatch("[a-zA-Z0-9_]*") and
|
not name.regexpMatch("[a-zA-Z0-9_]*") and
|
||||||
@@ -566,7 +567,7 @@ private RefType interpretType(string namespace, string type, boolean subtypes) {
|
|||||||
private string paramsStringPart(Callable c, int i) {
|
private string paramsStringPart(Callable c, int i) {
|
||||||
i = -1 and result = "("
|
i = -1 and result = "("
|
||||||
or
|
or
|
||||||
exists(int n, string p | c.getParameterType(n).toString() = p |
|
exists(int n, string p | c.getParameterType(n).getErasure().toString() = p |
|
||||||
i = 2 * n and result = p
|
i = 2 * n and result = p
|
||||||
or
|
or
|
||||||
i = 2 * n - 1 and result = "," and n != 0
|
i = 2 * n - 1 and result = "," and n != 0
|
||||||
|
|||||||
@@ -1,6 +1,9 @@
|
|||||||
import java
|
import java
|
||||||
import semmle.code.java.Collections
|
import semmle.code.java.Collections
|
||||||
import semmle.code.java.Maps
|
import semmle.code.java.Maps
|
||||||
|
private import semmle.code.java.dataflow.SSA
|
||||||
|
private import DataFlowUtil
|
||||||
|
private import semmle.code.java.dataflow.ExternalFlow
|
||||||
|
|
||||||
private class EntryType extends RefType {
|
private class EntryType extends RefType {
|
||||||
EntryType() {
|
EntryType() {
|
||||||
@@ -88,6 +91,286 @@ class ContainerType extends RefType {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private class ContainerFlowSummaries extends SummaryModelCsv {
|
||||||
|
override predicate row(string row) {
|
||||||
|
row =
|
||||||
|
[
|
||||||
|
"java.util;Map<>$Entry;true;getValue;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map<>$Entry;true;setValue;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map<>$Entry;true;setValue;;;Argument[0];MapValue of Argument[-1];value",
|
||||||
|
"java.lang;Iterable;true;iterator;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.lang;Iterable;true;spliterator;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Iterator;true;next;;;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;ListIterator;true;previous;;;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;ListIterator;true;add;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;ListIterator;true;set;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Enumeration;true;asIterator;;;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Enumeration;true;nextElement;;;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;computeIfAbsent;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;computeIfAbsent;;;ReturnValue of Argument[1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;computeIfAbsent;;;ReturnValue of Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;entrySet;;;MapValue of Argument[-1];MapValue of Element of ReturnValue;value",
|
||||||
|
"java.util;Map;true;entrySet;;;MapKey of Argument[-1];MapKey of Element of ReturnValue;value",
|
||||||
|
"java.util;Map;true;get;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;getOrDefault;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;getOrDefault;;;Argument[1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;put;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;put;;;Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Map;true;put;;;Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;putIfAbsent;;;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;putIfAbsent;;;Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Map;true;putIfAbsent;;;Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;remove;(Object);;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;replace;(Object,Object);;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Map;true;replace;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Map;true;replace;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;replace;(Object,Object,Object);;Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Map;true;replace;(Object,Object,Object);;Argument[2];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;keySet;();;MapKey of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Map;true;values;();;MapValue of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Map;true;merge;(Object,Object,BiFunction);;Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Map;true;putAll;(Map);;MapKey of Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Map;true;putAll;(Map);;MapValue of Argument[0];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Collection;true;parallelStream;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Collection;true;stream;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Collection;true;toArray;;;Element of Argument[-1];ArrayElement of ReturnValue;value",
|
||||||
|
"java.util;Collection;true;toArray;;;Element of Argument[-1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Collection;true;add;;;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Collection;true;addAll;;;Element of Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;List;true;get;(int);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;List;true;listIterator;;;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;List;true;remove;(int);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;List;true;set;(int,Object);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;List;true;set;(int,Object);;Argument[1];Element of Argument[-1];value",
|
||||||
|
"java.util;List;true;subList;;;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;List;true;add;(int,Object);;Argument[1];Element of Argument[-1];value",
|
||||||
|
"java.util;List;true;addAll;(int,Collection);;Element of Argument[1];Element of Argument[-1];value",
|
||||||
|
"java.util;Vector;true;elementAt;(int);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Vector;true;elements;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Vector;true;firstElement;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Vector;true;lastElement;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Vector;true;addElement;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Vector;true;insertElementAt;(Object,int);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Vector;true;setElementAt;(Object,int);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Vector;true;copyInto;(Object[]);;Element of Argument[-1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Stack;true;peek;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Stack;true;pop;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Stack;true;push;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Queue;true;element;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Queue;true;peek;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Queue;true;poll;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Queue;true;remove;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Queue;true;offer;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Deque;true;descendingIterator;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Deque;true;getFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;getLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;peekFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;peekLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;pollFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;pollLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;pop;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;removeFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;removeLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Deque;true;push;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Deque;true;offerLast;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Deque;true;offerFirst;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Deque;true;addLast;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;Deque;true;addFirst;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;pollFirst;(long,TimeUnit);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;pollLast;(long,TimeUnit);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;takeFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;takeLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;poll;(long,TimeUnit);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;take;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;offer;(Object,long,TimeUnit);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;put;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;offerLast;(Object,long,TimeUnit);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;offerFirst;(Object,long,TimeUnit);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;putLast;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingDeque;true;putFirst;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;drainTo;(Collection,int);;Element of Argument[-1];Element of Argument[0];value",
|
||||||
|
"java.util.concurrent;BlockingQueue;true;drainTo;(Collection);;Element of Argument[-1];Element of Argument[0];value",
|
||||||
|
"java.util.concurrent;ConcurrentHashMap;true;elements;();;MapValue of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Dictionary;true;elements;();;MapValue of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Dictionary;true;get;(Object);;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Dictionary;true;put;(Object,Object);;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;Dictionary;true;put;(Object,Object);;Argument[0];MapKey of Argument[-1];value",
|
||||||
|
"java.util;Dictionary;true;put;(Object,Object);;Argument[1];MapValue of Argument[-1];value",
|
||||||
|
"java.util;Dictionary;true;remove;(Object);;MapValue of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;ceilingEntry;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;ceilingEntry;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;descendingMap;();;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;descendingMap;();;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;firstEntry;();;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;firstEntry;();;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;floorEntry;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;floorEntry;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;headMap;(Object,boolean);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;headMap;(Object,boolean);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;higherEntry;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;higherEntry;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;lastEntry;();;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;lastEntry;();;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;lowerEntry;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;lowerEntry;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;pollFirstEntry;();;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;pollFirstEntry;();;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;pollLastEntry;();;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;pollLastEntry;();;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;subMap;(Object,boolean,Object,boolean);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;tailMap;(Object,boolean);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;NavigableMap;true;tailMap;(Object,boolean);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;ceiling;(Object);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;descendingIterator;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;descendingSet;();;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;floor;(Object);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;headSet;(Object,boolean);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;higher;(Object);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;lower;(Object);;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;pollFirst;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;pollLast;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;subSet;(Object,boolean,Object,boolean);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;NavigableSet;true;tailSet;(Object,boolean);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;Scanner;true;next;(Pattern);;Argument[-1];ReturnValue;taint",
|
||||||
|
"java.util;Scanner;true;next;(String);;Argument[-1];ReturnValue;taint",
|
||||||
|
"java.util;SortedMap;true;headMap;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;SortedMap;true;headMap;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;SortedMap;true;subMap;(Object,Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;SortedMap;true;subMap;(Object,Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;SortedMap;true;tailMap;(Object);;MapKey of Argument[-1];MapKey of ReturnValue;value",
|
||||||
|
"java.util;SortedMap;true;tailMap;(Object);;MapValue of Argument[-1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;SortedSet;true;first;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;SortedSet;true;headSet;(Object);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;SortedSet;true;last;();;Element of Argument[-1];ReturnValue;value",
|
||||||
|
"java.util;SortedSet;true;subSet;(Object,Object);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util;SortedSet;true;tailSet;(Object);;Element of Argument[-1];Element of ReturnValue;value",
|
||||||
|
"java.util.concurrent;TransferQueue;true;tryTransfer;(Object,long,TimeUnit);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;TransferQueue;true;transfer;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util.concurrent;TransferQueue;true;tryTransfer;(Object);;Argument[0];Element of Argument[-1];value",
|
||||||
|
"java.util;List;false;copyOf;(Collection);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object[]);;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object);;Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object);;Argument[0..1];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object);;Argument[0..2];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object);;Argument[0..3];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];Element of ReturnValue;value",
|
||||||
|
"java.util;List;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];Element of ReturnValue;value",
|
||||||
|
"java.util;Map;false;copyOf;(Map);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;copyOf;(Map);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;entry;(Object,Object);;Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;entry;(Object,Object);;Argument[1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[2];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[3];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[4];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[5];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[6];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[7];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[8];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[9];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[10];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[11];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[12];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[13];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[14];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[15];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[16];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[17];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[18];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;of;;;Argument[19];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Map;false;ofEntries;;;MapKey of ArrayElement of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Map;false;ofEntries;;;MapValue of ArrayElement of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Set;false;copyOf;(Collection);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object[]);;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object);;Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object);;Argument[0..1];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object);;Argument[0..2];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object);;Argument[0..3];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object);;Argument[0..4];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object,Object);;Argument[0..5];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object);;Argument[0..6];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..7];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..8];Element of ReturnValue;value",
|
||||||
|
"java.util;Set;false;of;(Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..9];Element of ReturnValue;value",
|
||||||
|
"java.util;Arrays;false;stream;;;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Arrays;false;spliterator;;;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Arrays;false;copyOfRange;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||||
|
"java.util;Arrays;false;copyOf;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;list;(Enumeration);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;enumeration;(Collection);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;nCopies;(int,Object);;Argument[1];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;singletonMap;(Object,Object);;Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;singletonMap;(Object,Object);;Argument[1];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;singletonList;(Object);;Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;singleton;(Object);;Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedNavigableMap;(NavigableMap,Class,Class);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedSortedMap;(SortedMap,Class,Class);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedMap;(Map,Class,Class);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedMap;(Map,Class,Class);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedList;(List,Class);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedNavigableSet;(NavigableSet,Class);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedSortedSet;(SortedSet,Class);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedSet;(Set,Class);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;checkedCollection;(Collection,Class);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedNavigableMap;(NavigableMap);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedSortedMap;(SortedMap);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedSortedMap;(SortedMap);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedMap;(Map);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedMap;(Map);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedList;(List);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedNavigableSet;(NavigableSet);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedSortedSet;(SortedSet);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedSet;(Set);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;synchronizedCollection;(Collection);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableNavigableMap;(NavigableMap);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableSortedMap;(SortedMap);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableMap;(Map);;MapKey of Argument[0];MapKey of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableMap;(Map);;MapValue of Argument[0];MapValue of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableList;(List);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableNavigableSet;(NavigableSet);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableSortedSet;(SortedSet);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableSet;(Set);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;unmodifiableCollection;(Collection);;Element of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;max;;;Element of Argument[0];ReturnValue;value",
|
||||||
|
"java.util;Collections;false;min;;;Element of Argument[0];ReturnValue;value",
|
||||||
|
"java.util;Arrays;false;fill;(Object[],int,int,Object);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(Object[],Object);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(float[],int,int,float);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(float[],float);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(double[],int,int,double);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(double[],double);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(boolean[],int,int,boolean);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(boolean[],boolean);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(byte[],int,int,byte);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(byte[],byte);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(char[],int,int,char);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(char[],char);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(short[],int,int,short);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(short[],short);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(int[],int,int,int);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(int[],int);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(long[],int,int,long);;Argument[3];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;fill;(long[],long);;Argument[1];ArrayElement of Argument[0];value",
|
||||||
|
"java.util;Collections;false;replaceAll;(List,Object,Object);;Argument[2];Element of Argument[0];value",
|
||||||
|
"java.util;Collections;false;copy;(List,List);;Element of Argument[1];Element of Argument[0];value",
|
||||||
|
"java.util;Collections;false;fill;(List,Object);;Argument[1];Element of Argument[0];value",
|
||||||
|
"java.util;Arrays;false;asList;;;ArrayElement of Argument[0];Element of ReturnValue;value",
|
||||||
|
"java.util;Collections;false;addAll;(Collection,Object[]);;ArrayElement of Argument[1];Element of Argument[0];value"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
private predicate taintPreservingQualifierToMethod(Method m) {
|
private predicate taintPreservingQualifierToMethod(Method m) {
|
||||||
// java.util.Map.Entry
|
// java.util.Map.Entry
|
||||||
m.getDeclaringType() instanceof EntryType and
|
m.getDeclaringType() instanceof EntryType and
|
||||||
@@ -426,3 +709,58 @@ predicate containerStep(Expr n1, Expr n2) {
|
|||||||
containerReturnValueStep(n1, n2) or
|
containerReturnValueStep(n1, n2) or
|
||||||
containerUpdateStep(n1, n2)
|
containerUpdateStep(n1, n2)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the step from `node1` to `node2` stores a value in an array.
|
||||||
|
* This covers array assignments and initializers as well as implicit array
|
||||||
|
* creations for varargs.
|
||||||
|
*/
|
||||||
|
predicate arrayStoreStep(Node node1, Node node2) {
|
||||||
|
exists(Argument arg |
|
||||||
|
node1.asExpr() = arg and
|
||||||
|
arg.isVararg() and
|
||||||
|
node2.(ImplicitVarargsArray).getCall() = arg.getCall()
|
||||||
|
)
|
||||||
|
or
|
||||||
|
node2.asExpr().(ArrayInit).getAnInit() = node1.asExpr()
|
||||||
|
or
|
||||||
|
exists(Assignment assign | assign.getSource() = node1.asExpr() |
|
||||||
|
node2.(PostUpdateNode).getPreUpdateNode().asExpr() = assign.getDest().(ArrayAccess).getArray()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
private predicate enhancedForStmtStep(Node node1, Node node2, Type containerType) {
|
||||||
|
exists(EnhancedForStmt for, Expr e, SsaExplicitUpdate v |
|
||||||
|
for.getExpr() = e and
|
||||||
|
node1.asExpr() = e and
|
||||||
|
containerType = e.getType() and
|
||||||
|
v.getDefiningExpr() = for.getVariable() and
|
||||||
|
v.getAFirstUse() = node2.asExpr()
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the step from `node1` to `node2` reads a value from an array.
|
||||||
|
* This covers ordinary array reads as well as array iteration through enhanced
|
||||||
|
* `for` statements.
|
||||||
|
*/
|
||||||
|
predicate arrayReadStep(Node node1, Node node2, Type elemType) {
|
||||||
|
exists(ArrayAccess aa |
|
||||||
|
aa.getArray() = node1.asExpr() and
|
||||||
|
aa.getType() = elemType and
|
||||||
|
node2.asExpr() = aa
|
||||||
|
)
|
||||||
|
or
|
||||||
|
exists(Array arr |
|
||||||
|
enhancedForStmtStep(node1, node2, arr) and
|
||||||
|
arr.getComponentType() = elemType
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Holds if the step from `node1` to `node2` reads a value from a collection.
|
||||||
|
* This only covers iteration through enhanced `for` statements.
|
||||||
|
*/
|
||||||
|
predicate collectionReadStep(Node node1, Node node2) {
|
||||||
|
enhancedForStmtStep(node1, node2, any(Type t | not t instanceof Array))
|
||||||
|
}
|
||||||
|
|||||||
@@ -4,6 +4,7 @@ private import DataFlowImplCommon
|
|||||||
private import DataFlowDispatch
|
private import DataFlowDispatch
|
||||||
private import semmle.code.java.controlflow.Guards
|
private import semmle.code.java.controlflow.Guards
|
||||||
private import semmle.code.java.dataflow.SSA
|
private import semmle.code.java.dataflow.SSA
|
||||||
|
private import ContainerFlow
|
||||||
private import FlowSummaryImpl as FlowSummaryImpl
|
private import FlowSummaryImpl as FlowSummaryImpl
|
||||||
import DataFlowNodes::Private
|
import DataFlowNodes::Private
|
||||||
|
|
||||||
@@ -137,13 +138,15 @@ class MapValueContent extends Content, TMapValueContent {
|
|||||||
* Thus, `node2` references an object with a field `f` that contains the
|
* Thus, `node2` references an object with a field `f` that contains the
|
||||||
* value of `node1`.
|
* value of `node1`.
|
||||||
*/
|
*/
|
||||||
predicate storeStep(Node node1, Content f, PostUpdateNode node2) {
|
predicate storeStep(Node node1, Content f, Node node2) {
|
||||||
exists(FieldAccess fa |
|
exists(FieldAccess fa |
|
||||||
instanceFieldAssign(node1.asExpr(), fa) and
|
instanceFieldAssign(node1.asExpr(), fa) and
|
||||||
node2.getPreUpdateNode() = getFieldQualifier(fa) and
|
node2.(PostUpdateNode).getPreUpdateNode() = getFieldQualifier(fa) and
|
||||||
f.(FieldContent).getField() = fa.getField()
|
f.(FieldContent).getField() = fa.getField()
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
|
f instanceof ArrayContent and arrayStoreStep(node1, node2)
|
||||||
|
or
|
||||||
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, f, node2)
|
FlowSummaryImpl::Private::Steps::summaryStoreStep(node1, f, node2)
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -171,6 +174,10 @@ predicate readStep(Node node1, Content f, Node node2) {
|
|||||||
node2.asExpr() = get
|
node2.asExpr() = get
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
|
f instanceof ArrayContent and arrayReadStep(node1, node2, _)
|
||||||
|
or
|
||||||
|
f instanceof CollectionContent and collectionReadStep(node1, node2)
|
||||||
|
or
|
||||||
FlowSummaryImpl::Private::Steps::summaryReadStep(node1, f, node2)
|
FlowSummaryImpl::Private::Steps::summaryReadStep(node1, f, node2)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@@ -144,6 +144,8 @@ predicate simpleLocalFlowStep(Node node1, Node node2) {
|
|||||||
or
|
or
|
||||||
node2.asExpr().(AssignExpr).getSource() = node1.asExpr()
|
node2.asExpr().(AssignExpr).getSource() = node1.asExpr()
|
||||||
or
|
or
|
||||||
|
node2.asExpr().(ArrayCreationExpr).getInit() = node1.asExpr()
|
||||||
|
or
|
||||||
exists(MethodAccess ma, ValuePreservingMethod m, int argNo |
|
exists(MethodAccess ma, ValuePreservingMethod m, int argNo |
|
||||||
ma.getCallee().getSourceDeclaration() = m and m.returnsValue(argNo)
|
ma.getCallee().getSourceDeclaration() = m and m.returnsValue(argNo)
|
||||||
|
|
|
|
||||||
|
|||||||
@@ -31,6 +31,12 @@ DataFlowType getContentType(Content c) {
|
|||||||
or
|
or
|
||||||
c instanceof ArrayContent and
|
c instanceof ArrayContent and
|
||||||
result instanceof TypeObject
|
result instanceof TypeObject
|
||||||
|
or
|
||||||
|
c instanceof MapKeyContent and
|
||||||
|
result instanceof TypeObject
|
||||||
|
or
|
||||||
|
c instanceof MapValueContent and
|
||||||
|
result instanceof TypeObject
|
||||||
}
|
}
|
||||||
|
|
||||||
/** Gets the return type of kind `rk` for callable `c`. */
|
/** Gets the return type of kind `rk` for callable `c`. */
|
||||||
|
|||||||
@@ -60,10 +60,15 @@ private module Cached {
|
|||||||
localAdditionalTaintUpdateStep(src.asExpr(),
|
localAdditionalTaintUpdateStep(src.asExpr(),
|
||||||
sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr())
|
sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr())
|
||||||
or
|
or
|
||||||
exists(Argument arg |
|
exists(Content f |
|
||||||
src.asExpr() = arg and
|
readStep(src, f, sink) and
|
||||||
arg.isVararg() and
|
not sink.getTypeBound() instanceof PrimitiveType and
|
||||||
sink.(DataFlow::ImplicitVarargsArray).getCall() = arg.getCall()
|
not sink.getTypeBound() instanceof BoxedType and
|
||||||
|
not sink.getTypeBound() instanceof NumberType
|
||||||
|
|
|
||||||
|
f instanceof ArrayContent or
|
||||||
|
f instanceof CollectionContent or
|
||||||
|
f instanceof MapValueContent
|
||||||
)
|
)
|
||||||
or
|
or
|
||||||
FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
|
FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
|
||||||
@@ -93,6 +98,92 @@ private module Cached {
|
|||||||
|
|
||||||
import Cached
|
import Cached
|
||||||
|
|
||||||
|
/**
|
||||||
|
* These configurations add a number of configuration-dependent additional taint
|
||||||
|
* steps to all taint configurations. For each sink or additional step provided
|
||||||
|
* by a given configuration the types are inspected to find those implicit
|
||||||
|
* collection or array read steps that might be required at the sink or step
|
||||||
|
* input. The corresponding store steps are then added as additional taint steps
|
||||||
|
* to provide backwards-compatible taint flow to such sinks and steps.
|
||||||
|
*
|
||||||
|
* This is a temporary measure until support is added for such sinks that
|
||||||
|
* require implicit read steps.
|
||||||
|
*/
|
||||||
|
private module StoreTaintSteps {
|
||||||
|
private import semmle.code.java.dataflow.TaintTracking
|
||||||
|
private import semmle.code.java.dataflow.TaintTracking2
|
||||||
|
|
||||||
|
private class StoreTaintConfig extends TaintTracking::Configuration {
|
||||||
|
StoreTaintConfig() { this instanceof TaintTracking::Configuration or none() }
|
||||||
|
|
||||||
|
override predicate isSource(DataFlow::Node n) { none() }
|
||||||
|
|
||||||
|
override predicate isSink(DataFlow::Node n) { none() }
|
||||||
|
|
||||||
|
private predicate needsTaintStore(RefType container, Type elem, Content f) {
|
||||||
|
exists(DataFlow::Node arg |
|
||||||
|
(isSink(arg) or isAdditionalTaintStep(arg, _)) and
|
||||||
|
(arg.asExpr() instanceof Argument or arg instanceof ArgumentNode) and
|
||||||
|
arg.getType() = container
|
||||||
|
or
|
||||||
|
needsTaintStore(_, container, _)
|
||||||
|
|
|
||||||
|
container.(Array).getComponentType() = elem and
|
||||||
|
f instanceof ArrayContent
|
||||||
|
or
|
||||||
|
container.(CollectionType).getElementType() = elem and
|
||||||
|
f instanceof CollectionContent
|
||||||
|
or
|
||||||
|
container.(MapType).getValueType() = elem and
|
||||||
|
f instanceof MapValueContent
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
|
||||||
|
exists(Content f, Type elem |
|
||||||
|
storeStep(node1, f, node2) and
|
||||||
|
needsTaintStore(_, elem, f) and
|
||||||
|
not exists(Type srctyp | srctyp = node1.getTypeBound() | not compatibleTypes(srctyp, elem))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private class StoreTaintConfig2 extends TaintTracking2::Configuration {
|
||||||
|
StoreTaintConfig2() { this instanceof TaintTracking2::Configuration or none() }
|
||||||
|
|
||||||
|
override predicate isSource(DataFlow::Node n) { none() }
|
||||||
|
|
||||||
|
override predicate isSink(DataFlow::Node n) { none() }
|
||||||
|
|
||||||
|
private predicate needsTaintStore(RefType container, Type elem, Content f) {
|
||||||
|
exists(DataFlow::Node arg |
|
||||||
|
(isSink(arg) or isAdditionalTaintStep(arg, _)) and
|
||||||
|
(arg.asExpr() instanceof Argument or arg instanceof ArgumentNode) and
|
||||||
|
arg.getType() = container
|
||||||
|
or
|
||||||
|
needsTaintStore(_, container, _)
|
||||||
|
|
|
||||||
|
container.(Array).getComponentType() = elem and
|
||||||
|
f instanceof ArrayContent
|
||||||
|
or
|
||||||
|
container.(CollectionType).getElementType() = elem and
|
||||||
|
f instanceof CollectionContent
|
||||||
|
or
|
||||||
|
container.(MapType).getValueType() = elem and
|
||||||
|
f instanceof MapValueContent
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
|
||||||
|
exists(Content f, Type elem |
|
||||||
|
storeStep(node1, f, node2) and
|
||||||
|
needsTaintStore(_, elem, f) and
|
||||||
|
not exists(Type srctyp | srctyp = node1.getTypeBound() | not compatibleTypes(srctyp, elem))
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Holds if taint can flow in one local step from `src` to `sink` excluding
|
* Holds if taint can flow in one local step from `src` to `sink` excluding
|
||||||
* local data flow steps. That is, `src` and `sink` are likely to represent
|
* local data flow steps. That is, `src` and `sink` are likely to represent
|
||||||
@@ -103,22 +194,8 @@ private predicate localAdditionalTaintExprStep(Expr src, Expr sink) {
|
|||||||
or
|
or
|
||||||
sink.(AssignAddExpr).getSource() = src and sink.getType() instanceof TypeString
|
sink.(AssignAddExpr).getSource() = src and sink.getType() instanceof TypeString
|
||||||
or
|
or
|
||||||
sink.(ArrayCreationExpr).getInit() = src
|
|
||||||
or
|
|
||||||
sink.(ArrayInit).getAnInit() = src
|
|
||||||
or
|
|
||||||
sink.(ArrayAccess).getArray() = src
|
|
||||||
or
|
|
||||||
sink.(LogicExpr).getAnOperand() = src
|
sink.(LogicExpr).getAnOperand() = src
|
||||||
or
|
or
|
||||||
exists(EnhancedForStmt for, SsaExplicitUpdate v |
|
|
||||||
for.getExpr() = src and
|
|
||||||
v.getDefiningExpr() = for.getVariable() and
|
|
||||||
v.getAFirstUse() = sink
|
|
||||||
)
|
|
||||||
or
|
|
||||||
containerReturnValueStep(src, sink)
|
|
||||||
or
|
|
||||||
constructorStep(src, sink)
|
constructorStep(src, sink)
|
||||||
or
|
or
|
||||||
qualifierToMethodStep(src, sink)
|
qualifierToMethodStep(src, sink)
|
||||||
@@ -141,12 +218,6 @@ private predicate localAdditionalTaintExprStep(Expr src, Expr sink) {
|
|||||||
* This is restricted to cases where the step updates the value of `sink`.
|
* This is restricted to cases where the step updates the value of `sink`.
|
||||||
*/
|
*/
|
||||||
private predicate localAdditionalTaintUpdateStep(Expr src, Expr sink) {
|
private predicate localAdditionalTaintUpdateStep(Expr src, Expr sink) {
|
||||||
exists(Assignment assign | assign.getSource() = src |
|
|
||||||
sink = assign.getDest().(ArrayAccess).getArray()
|
|
||||||
)
|
|
||||||
or
|
|
||||||
containerUpdateStep(src, sink)
|
|
||||||
or
|
|
||||||
qualifierToArgumentStep(src, sink)
|
qualifierToArgumentStep(src, sink)
|
||||||
or
|
or
|
||||||
argToArgStep(src, sink)
|
argToArgStep(src, sink)
|
||||||
|
|||||||
@@ -165,14 +165,17 @@ private class ApacheHttpFlowStep extends SummaryModelCsv {
|
|||||||
"org.apache.http.util;EncodingUtils;true;getAsciiString;;;Argument[0];ReturnValue;taint",
|
"org.apache.http.util;EncodingUtils;true;getAsciiString;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.http.util;EncodingUtils;true;getBytes;(String,String);;Argument[0];ReturnValue;taint",
|
"org.apache.http.util;EncodingUtils;true;getBytes;(String,String);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.http.util;EncodingUtils;true;getString;;;Argument[0];ReturnValue;taint",
|
"org.apache.http.util;EncodingUtils;true;getString;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.http.util;Args;true;containsNoBlanks;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.http.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.http.util;Args;true;notNull;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.http.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.http.util;Args;true;notEmpty;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.http.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.http.util;Args;true;notBlank;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.http.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.hc.core5.util;Args;true;containsNoBlanks;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.http.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.hc.core5.util;Args;true;notNull;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.hc.core5.util;Args;true;containsNoBlanks;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.hc.core5.util;Args;true;notEmpty;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.hc.core5.util;Args;true;notNull;(Object,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.hc.core5.util;Args;true;notBlank;(T,String);;Argument[0];ReturnValue;value",
|
"org.apache.hc.core5.util;Args;true;notEmpty;(Collection,String);;Argument[0];ReturnValue;value",
|
||||||
|
"org.apache.hc.core5.util;Args;true;notEmpty;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
|
"org.apache.hc.core5.util;Args;true;notEmpty;(Object,String);;Argument[0];ReturnValue;value",
|
||||||
|
"org.apache.hc.core5.util;Args;true;notBlank;(CharSequence,String);;Argument[0];ReturnValue;value",
|
||||||
"org.apache.hc.core5.http.io.entity;HttpEntities;true;create;;;Argument[0];ReturnValue;taint",
|
"org.apache.hc.core5.http.io.entity;HttpEntities;true;create;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.hc.core5.http.io.entity;HttpEntities;true;createGzipped;;;Argument[0];ReturnValue;taint",
|
"org.apache.hc.core5.http.io.entity;HttpEntities;true;createGzipped;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.hc.core5.http.io.entity;HttpEntities;true;createUrlEncoded;;;Argument[0];ReturnValue;taint",
|
"org.apache.hc.core5.http.io.entity;HttpEntities;true;createUrlEncoded;;;Argument[0];ReturnValue;taint",
|
||||||
|
|||||||
@@ -94,29 +94,33 @@ private class ApacheStringUtilsModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3;StringUtils;false;defaultString;;;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;defaultString;;;Argument[0..1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;deleteWhitespace;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;deleteWhitespace;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;difference;;;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;difference;;;Argument[0..1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;firstNonBlank;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;firstNonBlank;;;ArrayElement of Argument[0];ReturnValue;value",
|
||||||
"org.apache.commons.lang3;StringUtils;false;firstNonEmpty;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;firstNonEmpty;;;ArrayElement of Argument[0];ReturnValue;value",
|
||||||
"org.apache.commons.lang3;StringUtils;false;getBytes;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;getBytes;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;getCommonPrefix;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;getCommonPrefix;;;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;getDigits;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;getDigits;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;getIfBlank;;;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;getIfBlank;;;Argument[0..1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;getIfEmpty;;;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;getIfEmpty;;;Argument[0..1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(char[],char);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(char[],char);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(char[],char,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(char[],char,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,char);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,char);;Element of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Element of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[]);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Iterable,java.lang.String);;Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[]);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],char,int,int);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String);;Argument[1];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.lang.Object[],java.lang.String,int,int);;Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,char);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,char);;Element of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Element of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,char,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.Iterator,java.lang.String);;Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,char,int,int);;Element of Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Element of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;join;(java.util.List,java.lang.String,int,int);;Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;joinWith;;;Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3;StringUtils;false;joinWith;;;ArrayElement of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;left;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;left;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;leftPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;leftPad;(java.lang.String,int,java.lang.String);;Argument[2];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;leftPad;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;leftPad;;;Argument[0];ReturnValue;taint",
|
||||||
@@ -148,9 +152,9 @@ private class ApacheStringUtilsModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3;StringUtils;false;replaceChars;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceChars;(java.lang.String,java.lang.String,java.lang.String);;Argument[2];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceChars;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceChars;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceEach;;;Argument[2];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceEach;;;ArrayElement of Argument[2];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;Argument[2];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceEachRepeatedly;;;ArrayElement of Argument[2];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;replaceIgnoreCase;;;Argument[0];ReturnValue;taint",
|
||||||
@@ -182,7 +186,7 @@ private class ApacheStringUtilsModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;strip;(java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;stripAccents;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;stripAccents;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;stripAll;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;stripAll;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;stripEnd;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;stripEnd;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;stripStart;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;stripStart;;;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3;StringUtils;false;stripToEmpty;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3;StringUtils;false;stripToEmpty;;;Argument[0];ReturnValue;taint",
|
||||||
@@ -229,7 +233,8 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -238,7 +243,9 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;(org.apache.commons.lang3.text.StrBuilder);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Iterator);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;(Object[]);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
||||||
@@ -249,14 +256,18 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;(Object[],String);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -296,7 +307,8 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -305,7 +317,9 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;append;(org.apache.commons.text.StrBuilder);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendAll;(Iterator);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendAll;(Object[]);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
||||||
@@ -316,14 +330,18 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StrBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
"org.apache.commons.text;StrBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterable,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Iterator,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;(Object[],String);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StrBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StrBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -364,7 +382,8 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -373,7 +392,9 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(java.nio.CharBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;(org.apache.commons.text.TextStringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;TextStringBuilder;false;append;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendAll;(Iterator);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendAll;(Object[]);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendAll;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendFixedWidthPadLeft;;;Argument[0];Argument[-1];taint",
|
||||||
@@ -384,14 +405,18 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendSeparator;(java.lang.String,java.lang.String);;Argument[0..1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendSeparator;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendTo;;;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterable,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Iterator,String);;Element of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;(Object[],String);;ArrayElement of Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendWithSeparators;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(char[]);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(char[],int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.Object);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0..1];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.String,java.lang.Object[]);;ArrayElement of Argument[1];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuffer,int,int);;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;TextStringBuilder;false;appendln;(java.lang.StringBuilder);;Argument[0];Argument[-1];taint",
|
||||||
@@ -525,9 +550,9 @@ private class ApacheStrLookupModel extends SummaryModelCsv {
|
|||||||
row =
|
row =
|
||||||
[
|
[
|
||||||
"org.apache.commons.lang3.text;StrLookup;false;lookup;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrLookup;false;lookup;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrLookup;false;mapLookup;;;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrLookup;false;mapLookup;;;MapValue of Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text.lookup;StringLookup;true;lookup;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text.lookup;StringLookup;true;lookup;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text.lookup;StringLookupFactory;false;mapStringLookup;;;Argument[0];ReturnValue;taint"
|
"org.apache.commons.text.lookup;StringLookupFactory;false;mapStringLookup;;;MapValue of Argument[0];ReturnValue;taint"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -540,6 +565,7 @@ private class ApacheStrSubstitutorModel extends SummaryModelCsv {
|
|||||||
row =
|
row =
|
||||||
[
|
[
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;MapValue of Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint",
|
||||||
@@ -552,10 +578,12 @@ private class ApacheStrSubstitutorModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder);;Argument[-1];Argument[0];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder);;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuffer);;Argument[-1];Argument[0];taint",
|
||||||
@@ -564,6 +592,7 @@ private class ApacheStrSubstitutorModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[-1];Argument[0];taint",
|
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[-1];Argument[0];taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;Argument[0];Argument[-1];taint",
|
||||||
|
"org.apache.commons.text;StringSubstitutor;false;StringSubstitutor;;;MapValue of Argument[0];Argument[-1];taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(char[]);;Argument[0];ReturnValue;taint",
|
||||||
@@ -574,10 +603,12 @@ private class ApacheStrSubstitutorModel extends SummaryModelCsv {
|
|||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.StringBuffer,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.String,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;Argument[1];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Map,java.lang.String,java.lang.String);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0..1];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;Argument[0];ReturnValue;taint",
|
||||||
|
"org.apache.commons.text;StringSubstitutor;false;replace;(java.lang.Object,java.util.Properties);;MapValue of Argument[1];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[0];ReturnValue;taint",
|
"org.apache.commons.text;StringSubstitutor;false;replace;(org.apache.commons.text.TextStringBuilder,int,int);;Argument[0];ReturnValue;taint",
|
||||||
"org.apache.commons.text;StringSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint",
|
"org.apache.commons.text;StringSubstitutor;false;setVariableResolver;;;Argument[0];Argument[-1];taint",
|
||||||
|
|||||||
@@ -30,7 +30,13 @@ private class GuavaBaseCsv extends SummaryModelCsv {
|
|||||||
"com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint",
|
"com.google.common.base;Joiner$MapJoiner;false;useForNull;(String);;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[1];Argument[0];taint",
|
"com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[1];Argument[0];taint",
|
||||||
"com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[0];ReturnValue;value",
|
"com.google.common.base;Joiner$MapJoiner;false;appendTo;;;Argument[0];ReturnValue;value",
|
||||||
"com.google.common.base;Joiner$MapJoiner;false;join;;;Argument[-1..0];ReturnValue;taint",
|
"com.google.common.base;Joiner$MapJoiner;false;join;;;Argument[-1];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;MapKey of Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Iterable);;MapValue of Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;MapKey of Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Iterator);;MapValue of Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Map);;MapKey of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.base;Joiner$MapJoiner;false;join;(Map);;MapValue of Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.base;Splitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint",
|
"com.google.common.base;Splitter;false;split;(CharSequence);;Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[0];ReturnValue;taint",
|
"com.google.common.base;Splitter;false;splitToList;(CharSequence);;Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.base;Splitter;false;splitToStream;(CharSequence);;Argument[0];ReturnValue;taint",
|
"com.google.common.base;Splitter;false;splitToStream;(CharSequence);;Argument[0];ReturnValue;taint",
|
||||||
|
|||||||
@@ -24,7 +24,9 @@ private class GuavaIoCsv extends SummaryModelCsv {
|
|||||||
"com.google.common.io;BaseEncoding;true;omitPadding;();;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;BaseEncoding;true;omitPadding;();;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;BaseEncoding;true;encode;(byte[],int,int);;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;ByteSource;true;asCharSource;(Charset);;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;ByteSource;true;concat;;;Argument[0];ReturnValue;taint",
|
"com.google.common.io;ByteSource;true;concat;(ByteSource[]);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.io;ByteSource;true;concat;(Iterable);;Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.io;ByteSource;true;concat;(Iterator);;Element of Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint",
|
"com.google.common.io;ByteSource;true;copyTo;(OutputStream);;Argument[-1];Argument[0];taint",
|
||||||
"com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;ByteSource;true;openStream;();;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;ByteSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint",
|
||||||
@@ -43,7 +45,9 @@ private class GuavaIoCsv extends SummaryModelCsv {
|
|||||||
"com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint",
|
"com.google.common.io;ByteStreams;false;readFully;(InputStream,byte[],int,int);;Argument[0];Argument[1];taint",
|
||||||
"com.google.common.io;ByteStreams;false;toByteArray;(InputStream);;Argument[0];ReturnValue;taint",
|
"com.google.common.io;ByteStreams;false;toByteArray;(InputStream);;Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.io;CharSource;true;asByteSource;(Charset);;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;CharSource;true;asByteSource;(Charset);;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;CharSource;true;concat;;;Argument[0];ReturnValue;taint",
|
"com.google.common.io;CharSource;true;concat;(CharSource[]);;ArrayElement of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.io;CharSource;true;concat;(Iterable);;Element of Argument[0];ReturnValue;taint",
|
||||||
|
"com.google.common.io;CharSource;true;concat;(Iterator);;Element of Argument[0];ReturnValue;taint",
|
||||||
"com.google.common.io;CharSource;true;copyTo;(Appendable);;Argument[-1];Argument[0];taint",
|
"com.google.common.io;CharSource;true;copyTo;(Appendable);;Argument[-1];Argument[0];taint",
|
||||||
"com.google.common.io;CharSource;true;openStream;();;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;CharSource;true;openStream;();;Argument[-1];ReturnValue;taint",
|
||||||
"com.google.common.io;CharSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint",
|
"com.google.common.io;CharSource;true;openBufferedStream;();;Argument[-1];ReturnValue;taint",
|
||||||
|
|||||||
@@ -280,6 +280,7 @@ private class JacksonModel extends SummaryModelCsv {
|
|||||||
row =
|
row =
|
||||||
[
|
[
|
||||||
"com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint",
|
"com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;Argument[0];ReturnValue;taint",
|
||||||
|
"com.fasterxml.jackson.databind;ObjectMapper;true;valueToTree;;;MapValue of Argument[0];ReturnValue;taint",
|
||||||
"com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint"
|
"com.fasterxml.jackson.databind;ObjectMapper;true;convertValue;;;Argument[0];ReturnValue;taint"
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
edges
|
edges
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip |
|
| ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip |
|
| ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip |
|
||||||
|
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String |
|
||||||
|
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:16:21:16:33 | getClientIP(...) : String |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String |
|
||||||
nodes
|
nodes
|
||||||
@@ -10,6 +12,7 @@ nodes
|
|||||||
| ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | semmle.label | getClientIP(...) : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:24:21:24:33 | getClientIP(...) : String | semmle.label | getClientIP(...) : String |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip | semmle.label | ip |
|
| ClientSuppliedIpUsedInSecurityCheck.java:25:33:25:34 | ip | semmle.label | ip |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | semmle.label | getHeader(...) : String |
|
||||||
|
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:34 | split(...) : String[] | semmle.label | split(...) : String[] |
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | semmle.label | ...[...] : String |
|
| ClientSuppliedIpUsedInSecurityCheck.java:47:16:47:37 | ...[...] : String | semmle.label | ...[...] : String |
|
||||||
#select
|
#select
|
||||||
| ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | IP address spoofing might include code from $@. | ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) | this user input |
|
| ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) : String | ClientSuppliedIpUsedInSecurityCheck.java:17:37:17:38 | ip | IP address spoofing might include code from $@. | ClientSuppliedIpUsedInSecurityCheck.java:43:27:43:62 | getHeader(...) | this user input |
|
||||||
|
|||||||
@@ -1,52 +1,88 @@
|
|||||||
edges
|
edges
|
||||||
|
| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:20:49:20:59 | environment |
|
| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:20:49:20:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:20:49:20:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:17:3:17:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:20:49:20:59 | environment |
|
| InsecureLdapAuth.java:17:3:17:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:20:49:20:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | InsecureLdapAuth.java:34:49:34:59 | environment |
|
| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | InsecureLdapAuth.java:34:49:34:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:34:49:34:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:31:3:31:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:34:49:34:59 | environment |
|
| InsecureLdapAuth.java:31:3:31:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:34:49:34:59 | environment |
|
||||||
| InsecureLdapAuth.java:45:3:45:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:48:49:48:59 | environment |
|
| InsecureLdapAuth.java:45:3:45:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:48:49:48:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | InsecureLdapAuth.java:63:49:63:59 | environment |
|
| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | InsecureLdapAuth.java:63:49:63:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:59:3:59:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment |
|
| InsecureLdapAuth.java:59:3:59:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment |
|
||||||
| InsecureLdapAuth.java:62:3:62:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment |
|
| InsecureLdapAuth.java:62:3:62:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:63:49:63:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:77:49:77:59 | environment |
|
| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:77:49:77:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:77:49:77:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:88:3:88:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:91:49:91:59 | environment |
|
| InsecureLdapAuth.java:88:3:88:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:91:49:91:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:105:59:105:69 | environment |
|
| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:105:59:105:69 | environment |
|
||||||
|
| InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:105:59:105:69 | environment |
|
||||||
|
| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:102:3:102:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:105:59:105:69 | environment |
|
| InsecureLdapAuth.java:102:3:102:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:105:59:105:69 | environment |
|
||||||
|
| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:120:49:120:59 | environment |
|
| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | InsecureLdapAuth.java:120:49:120:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:120:49:120:59 | environment |
|
||||||
|
| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:117:3:117:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:120:49:120:59 | environment |
|
| InsecureLdapAuth.java:117:3:117:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:120:49:120:59 | environment |
|
||||||
| InsecureLdapAuth.java:124:3:124:5 | env [post update] : Hashtable | InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:124:3:124:5 | env [post update] : Hashtable | InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | InsecureLdapAuth.java:142:50:142:60 | environment |
|
| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | InsecureLdapAuth.java:142:50:142:60 | environment |
|
||||||
| InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment |
|
| InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment |
|
||||||
|
| InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment |
|
||||||
|
| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment |
|
| InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable | InsecureLdapAuth.java:142:50:142:60 | environment |
|
||||||
|
| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | InsecureLdapAuth.java:153:50:153:60 | environment |
|
| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | InsecureLdapAuth.java:153:50:153:60 | environment |
|
||||||
|
| InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable | InsecureLdapAuth.java:153:50:153:60 | environment |
|
||||||
|
| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable | InsecureLdapAuth.java:153:50:153:60 | environment |
|
| InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable | InsecureLdapAuth.java:153:50:153:60 | environment |
|
||||||
nodes
|
nodes
|
||||||
| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
| InsecureLdapAuth.java:11:20:11:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
||||||
|
| InsecureLdapAuth.java:15:3:15:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:15:41:15:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:17:3:17:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:17:3:17:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:20:49:20:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:20:49:20:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:20:49:20:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:20:49:20:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | semmle.label | ... + ... : String |
|
| InsecureLdapAuth.java:25:20:25:39 | ... + ... : String | semmle.label | ... + ... : String |
|
||||||
|
| InsecureLdapAuth.java:29:3:29:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:29:41:29:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:31:3:31:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:31:3:31:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:34:49:34:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:34:49:34:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:34:49:34:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:34:49:34:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:45:3:45:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:45:3:45:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:48:49:48:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:48:49:48:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | semmle.label | "ldap://ad.your-server.com:636" : String |
|
| InsecureLdapAuth.java:53:20:53:50 | "ldap://ad.your-server.com:636" : String | semmle.label | "ldap://ad.your-server.com:636" : String |
|
||||||
|
| InsecureLdapAuth.java:57:3:57:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:57:41:57:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:59:3:59:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:59:3:59:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:62:3:62:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:62:3:62:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:63:49:63:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
| InsecureLdapAuth.java:68:20:68:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
||||||
|
| InsecureLdapAuth.java:72:3:72:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:72:41:72:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:77:49:77:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:77:49:77:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:88:3:88:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:88:3:88:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:91:49:91:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:91:49:91:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
| InsecureLdapAuth.java:96:20:96:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
||||||
|
| InsecureLdapAuth.java:100:3:100:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:100:41:100:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:102:3:102:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:102:3:102:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:105:59:105:69 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:105:59:105:69 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:105:59:105:69 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:105:59:105:69 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
| InsecureLdapAuth.java:111:20:111:50 | "ldap://ad.your-server.com:389" : String | semmle.label | "ldap://ad.your-server.com:389" : String |
|
||||||
|
| InsecureLdapAuth.java:115:3:115:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:115:47:115:53 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:117:3:117:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:117:3:117:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:120:49:120:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:120:49:120:59 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:120:49:120:59 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:120:49:120:59 | environment | semmle.label | environment |
|
||||||
@@ -54,11 +90,15 @@ nodes
|
|||||||
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | semmle.label | env [post update] : Hashtable |
|
| InsecureLdapAuth.java:128:3:128:5 | env [post update] : Hashtable | semmle.label | env [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | semmle.label | ... + ... : String |
|
| InsecureLdapAuth.java:135:20:135:39 | ... + ... : String | semmle.label | ... + ... : String |
|
||||||
| InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:137:10:137:20 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:140:3:140:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:140:41:140:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:141:16:141:26 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:142:50:142:60 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | semmle.label | ... + ... : String |
|
| InsecureLdapAuth.java:147:20:147:39 | ... + ... : String | semmle.label | ... + ... : String |
|
||||||
|
| InsecureLdapAuth.java:151:3:151:13 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
|
| InsecureLdapAuth.java:151:41:151:47 | ldapUrl : String | semmle.label | ldapUrl : String |
|
||||||
| InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
| InsecureLdapAuth.java:152:16:152:26 | environment [post update] : Hashtable | semmle.label | environment [post update] : Hashtable |
|
||||||
| InsecureLdapAuth.java:153:50:153:60 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:153:50:153:60 | environment | semmle.label | environment |
|
||||||
| InsecureLdapAuth.java:153:50:153:60 | environment | semmle.label | environment |
|
| InsecureLdapAuth.java:153:50:153:60 | environment | semmle.label | environment |
|
||||||
|
|||||||
@@ -1,7 +1,9 @@
|
|||||||
edges
|
edges
|
||||||
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | SensitiveGetQuery2.java:14:30:14:32 | map : Map |
|
||||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password |
|
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password |
|
||||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password : Object |
|
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | SensitiveGetQuery2.java:15:29:15:36 | password : Object |
|
||||||
|
| SensitiveGetQuery2.java:14:30:14:32 | map : Map | SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object |
|
||||||
|
| SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object |
|
||||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | SensitiveGetQuery2.java:18:40:18:54 | password : Object |
|
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | SensitiveGetQuery2.java:18:40:18:54 | password : Object |
|
||||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | SensitiveGetQuery2.java:19:61:19:68 | password |
|
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | SensitiveGetQuery2.java:19:61:19:68 | password |
|
||||||
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password |
|
| SensitiveGetQuery3.java:12:21:12:60 | getRequestParameter(...) : String | SensitiveGetQuery3.java:13:57:13:64 | password |
|
||||||
@@ -15,6 +17,8 @@ edges
|
|||||||
nodes
|
nodes
|
||||||
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | semmle.label | getParameterMap(...) : Map |
|
| SensitiveGetQuery2.java:12:13:12:37 | getParameterMap(...) : Map | semmle.label | getParameterMap(...) : Map |
|
||||||
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | semmle.label | (...)... : Object |
|
| SensitiveGetQuery2.java:14:21:14:48 | (...)... : Object | semmle.label | (...)... : Object |
|
||||||
|
| SensitiveGetQuery2.java:14:30:14:32 | map : Map | semmle.label | map : Map |
|
||||||
|
| SensitiveGetQuery2.java:14:30:14:48 | get(...) : Object | semmle.label | get(...) : Object |
|
||||||
| SensitiveGetQuery2.java:15:29:15:36 | password | semmle.label | password |
|
| SensitiveGetQuery2.java:15:29:15:36 | password | semmle.label | password |
|
||||||
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | semmle.label | password : Object |
|
| SensitiveGetQuery2.java:15:29:15:36 | password : Object | semmle.label | password : Object |
|
||||||
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | semmle.label | password : Object |
|
| SensitiveGetQuery2.java:18:40:18:54 | password : Object | semmle.label | password : Object |
|
||||||
|
|||||||
@@ -3,7 +3,8 @@ edges
|
|||||||
| SensitiveBroadcast.java:13:41:13:52 | refreshToken : String | SensitiveBroadcast.java:14:31:14:36 | intent |
|
| SensitiveBroadcast.java:13:41:13:52 | refreshToken : String | SensitiveBroadcast.java:14:31:14:36 | intent |
|
||||||
| SensitiveBroadcast.java:25:32:25:39 | password : String | SensitiveBroadcast.java:26:31:26:36 | intent |
|
| SensitiveBroadcast.java:25:32:25:39 | password : String | SensitiveBroadcast.java:26:31:26:36 | intent |
|
||||||
| SensitiveBroadcast.java:36:35:36:39 | email : String | SensitiveBroadcast.java:38:31:38:36 | intent |
|
| SensitiveBroadcast.java:36:35:36:39 | email : String | SensitiveBroadcast.java:38:31:38:36 | intent |
|
||||||
| SensitiveBroadcast.java:50:22:50:29 | password : String | SensitiveBroadcast.java:52:31:52:36 | intent |
|
| SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] : ArrayList | SensitiveBroadcast.java:52:31:52:36 | intent |
|
||||||
|
| SensitiveBroadcast.java:50:22:50:29 | password : String | SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] : ArrayList |
|
||||||
| SensitiveBroadcast.java:97:35:97:40 | ticket : String | SensitiveBroadcast.java:98:54:98:59 | intent |
|
| SensitiveBroadcast.java:97:35:97:40 | ticket : String | SensitiveBroadcast.java:98:54:98:59 | intent |
|
||||||
| SensitiveBroadcast.java:109:32:109:39 | passcode : String | SensitiveBroadcast.java:111:54:111:59 | intent |
|
| SensitiveBroadcast.java:109:32:109:39 | passcode : String | SensitiveBroadcast.java:111:54:111:59 | intent |
|
||||||
| SensitiveBroadcast.java:136:33:136:38 | passwd : String | SensitiveBroadcast.java:140:54:140:59 | intent |
|
| SensitiveBroadcast.java:136:33:136:38 | passwd : String | SensitiveBroadcast.java:140:54:140:59 | intent |
|
||||||
@@ -15,6 +16,7 @@ nodes
|
|||||||
| SensitiveBroadcast.java:26:31:26:36 | intent | semmle.label | intent |
|
| SensitiveBroadcast.java:26:31:26:36 | intent | semmle.label | intent |
|
||||||
| SensitiveBroadcast.java:36:35:36:39 | email : String | semmle.label | email : String |
|
| SensitiveBroadcast.java:36:35:36:39 | email : String | semmle.label | email : String |
|
||||||
| SensitiveBroadcast.java:38:31:38:36 | intent | semmle.label | intent |
|
| SensitiveBroadcast.java:38:31:38:36 | intent | semmle.label | intent |
|
||||||
|
| SensitiveBroadcast.java:50:9:50:16 | userinfo [post update] : ArrayList | semmle.label | userinfo [post update] : ArrayList |
|
||||||
| SensitiveBroadcast.java:50:22:50:29 | password : String | semmle.label | password : String |
|
| SensitiveBroadcast.java:50:22:50:29 | password : String | semmle.label | password : String |
|
||||||
| SensitiveBroadcast.java:52:31:52:36 | intent | semmle.label | intent |
|
| SensitiveBroadcast.java:52:31:52:36 | intent | semmle.label | intent |
|
||||||
| SensitiveBroadcast.java:97:35:97:40 | ticket : String | semmle.label | ticket : String |
|
| SensitiveBroadcast.java:97:35:97:40 | ticket : String | semmle.label | ticket : String |
|
||||||
|
|||||||
1821
java/ql/test/library-tests/dataflow/collections/B.java
Normal file
1821
java/ql/test/library-tests/dataflow/collections/B.java
Normal file
File diff suppressed because it is too large
Load Diff
@@ -89,7 +89,7 @@ class ContainerTest {
|
|||||||
sink(stack.peek());
|
sink(stack.peek());
|
||||||
sink(stack.pop());
|
sink(stack.pop());
|
||||||
sink(stack.push("value")); // not tainted
|
sink(stack.push("value")); // not tainted
|
||||||
sink(new Stack().push(source("value")));
|
sink(new Stack().push(source("value"))); // $ hasValueFlow
|
||||||
mkSink(Stack.class).push(source("value"));
|
mkSink(Stack.class).push(source("value"));
|
||||||
|
|
||||||
// java.util.Queue
|
// java.util.Queue
|
||||||
|
|||||||
@@ -0,0 +1,45 @@
|
|||||||
|
import java
|
||||||
|
import semmle.code.java.dataflow.DataFlow
|
||||||
|
import semmle.code.java.dataflow.ExternalFlow
|
||||||
|
import TestUtilities.InlineExpectationsTest
|
||||||
|
import DataFlow
|
||||||
|
|
||||||
|
class SummaryModelTest extends SummaryModelCsv {
|
||||||
|
override predicate row(string row) {
|
||||||
|
row =
|
||||||
|
[
|
||||||
|
//"package;type;overrides;name;signature;ext;inputspec;outputspec;kind",
|
||||||
|
";B;false;storeArrayElement;(Object);;Argument[0];ArrayElement of ReturnValue;value",
|
||||||
|
";B;false;storeElement;(Object);;Argument[0];Element of ReturnValue;value",
|
||||||
|
";B;false;storeMapKey;(Object);;Argument[0];MapKey of ReturnValue;value",
|
||||||
|
";B;false;storeMapValue;(Object);;Argument[0];MapValue of ReturnValue;value",
|
||||||
|
";B;false;readArrayElement;(Object);;ArrayElement of Argument[0];ReturnValue;value",
|
||||||
|
";B;false;readElement;(Object);;Element of Argument[0];ReturnValue;value",
|
||||||
|
";B;false;readMapKey;(Object);;MapKey of Argument[0];ReturnValue;value",
|
||||||
|
";B;false;readMapValue;(Object);;MapValue of Argument[0];ReturnValue;value"
|
||||||
|
]
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
class ContainerFlowConf extends Configuration {
|
||||||
|
ContainerFlowConf() { this = "qltest:ContainerFlowConf" }
|
||||||
|
|
||||||
|
override predicate isSource(Node n) { n.asExpr().(MethodAccess).getMethod().hasName("source") }
|
||||||
|
|
||||||
|
override predicate isSink(Node n) { n.asExpr().(Argument).getCall().getCallee().hasName("sink") }
|
||||||
|
}
|
||||||
|
|
||||||
|
class HasFlowTest extends InlineExpectationsTest {
|
||||||
|
HasFlowTest() { this = "HasFlowTest" }
|
||||||
|
|
||||||
|
override string getARelevantTag() { result = "hasValueFlow" }
|
||||||
|
|
||||||
|
override predicate hasActualResult(Location location, string element, string tag, string value) {
|
||||||
|
tag = "hasValueFlow" and
|
||||||
|
exists(Node src, Node sink, ContainerFlowConf conf | conf.hasFlow(src, sink) |
|
||||||
|
sink.getLocation() = location and
|
||||||
|
element = sink.toString() and
|
||||||
|
value = ""
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -85,9 +85,6 @@
|
|||||||
| ContainterTest.java:46:4:46:38 | navMap | ContainterTest.java:199:8:199:48 | subMap(...) |
|
| ContainterTest.java:46:4:46:38 | navMap | ContainterTest.java:199:8:199:48 | subMap(...) |
|
||||||
| ContainterTest.java:46:4:46:38 | navMap | ContainterTest.java:200:8:200:34 | tailMap(...) |
|
| ContainterTest.java:46:4:46:38 | navMap | ContainterTest.java:200:8:200:34 | tailMap(...) |
|
||||||
| ContainterTest.java:47:4:47:48 | syncHashMap | ContainterTest.java:203:8:203:29 | elements(...) |
|
| ContainterTest.java:47:4:47:48 | syncHashMap | ContainterTest.java:203:8:203:29 | elements(...) |
|
||||||
| ContainterTest.java:47:4:47:48 | syncHashMap | ContainterTest.java:204:8:204:42 | search(...) |
|
|
||||||
| ContainterTest.java:47:4:47:48 | syncHashMap | ContainterTest.java:205:8:205:55 | searchEntries(...) |
|
|
||||||
| ContainterTest.java:47:4:47:48 | syncHashMap | ContainterTest.java:206:8:206:43 | searchValues(...) |
|
|
||||||
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:209:8:209:22 | elements(...) |
|
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:209:8:209:22 | elements(...) |
|
||||||
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:210:8:210:25 | get(...) |
|
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:210:8:210:25 | get(...) |
|
||||||
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:211:8:211:31 | put(...) |
|
| ContainterTest.java:48:4:48:34 | dict | ContainterTest.java:211:8:211:31 | put(...) |
|
||||||
|
|||||||
@@ -5,6 +5,9 @@ import semmle.code.java.dataflow.internal.DataFlowImplSpecific::Private
|
|||||||
|
|
||||||
from Node n1, Content f, Node n2
|
from Node n1, Content f, Node n2
|
||||||
where
|
where
|
||||||
read(n1, f, n2) or
|
(
|
||||||
getterStep(n1, f, n2)
|
read(n1, f, n2) or
|
||||||
|
getterStep(n1, f, n2)
|
||||||
|
) and
|
||||||
|
n1.getEnclosingCallable().fromSource()
|
||||||
select n1, n2, f
|
select n1, n2, f
|
||||||
|
|||||||
@@ -3,17 +3,17 @@ import java.util.List;
|
|||||||
|
|
||||||
class ArraysTest {
|
class ArraysTest {
|
||||||
public static void taintSteps(String[] source) {
|
public static void taintSteps(String[] source) {
|
||||||
Arrays.asList();
|
|
||||||
Arrays.asList("one");
|
|
||||||
Arrays.asList("two", "three");
|
|
||||||
Arrays.copyOf(source, 10);
|
|
||||||
Arrays.copyOfRange(source, 0, 10);
|
|
||||||
Arrays.deepToString(source);
|
Arrays.deepToString(source);
|
||||||
Arrays.spliterator(source);
|
|
||||||
Arrays.stream(source);
|
|
||||||
Arrays.toString(source);
|
Arrays.toString(source);
|
||||||
Arrays.fill(source, "value");
|
|
||||||
Arrays.fill(source, 0, 10, "data");
|
|
||||||
Arrays.parallelPrefix(source, (x, y) -> x + y);
|
Arrays.parallelPrefix(source, (x, y) -> x + y);
|
||||||
Arrays.parallelPrefix(source, 0, 10, (x, y) -> x + y);
|
Arrays.parallelPrefix(source, 0, 10, (x, y) -> x + y);
|
||||||
Arrays.parallelSetAll(source, x -> Integer.toString(x));
|
Arrays.parallelSetAll(source, x -> Integer.toString(x));
|
||||||
|
|||||||
@@ -1,40 +0,0 @@
|
|||||||
import java.util.Collections;
|
|
||||||
import java.util.Enumeration;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Set;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
class CollectionsTest {
|
|
||||||
public static void taintSteps(List<String> list, List<String> other, Enumeration enumeration, Map<String,String> map) {
|
|
||||||
Collections.addAll(list);
|
|
||||||
Collections.addAll(list, "one");
|
|
||||||
Collections.addAll(list, "two", "three");
|
|
||||||
Collections.addAll(list, new String[]{ "four" });
|
|
||||||
|
|
||||||
Collections.checkedList(list, String.class);
|
|
||||||
Collections.min(list);
|
|
||||||
Collections.enumeration(list);
|
|
||||||
Collections.list(enumeration);
|
|
||||||
Collections.singletonMap("key", "value");
|
|
||||||
Collections.copy(list, other);
|
|
||||||
Collections.nCopies(10, "item");
|
|
||||||
Collections.replaceAll(list, "search", "replace");
|
|
||||||
|
|
||||||
List.of();
|
|
||||||
java.util.List.of("a");
|
|
||||||
List.of("b", "c");
|
|
||||||
java.util.List.copyOf(list);
|
|
||||||
Set.of();
|
|
||||||
Set.of("d");
|
|
||||||
Set.of("e" , "f");
|
|
||||||
Set.copyOf(list);
|
|
||||||
Map.of();
|
|
||||||
Map.of("k", "v");
|
|
||||||
Map.of("k1", "v1", "k2", "v2");
|
|
||||||
Map.copyOf(map);
|
|
||||||
Map.ofEntries();
|
|
||||||
Map.ofEntries(Map.entry("k3", "v3"));
|
|
||||||
Map.ofEntries(Map.entry("k4", "v4"), Map.entry("k5", "v5"));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@@ -1,15 +1,3 @@
|
|||||||
| ArraysTest.java:7:17:7:21 | "one" | ArraysTest.java:7:3:7:22 | asList(...) |
|
|
||||||
| ArraysTest.java:7:17:7:21 | "one" | ArraysTest.java:7:3:7:22 | new ..[] { .. } |
|
|
||||||
| ArraysTest.java:8:17:8:21 | "two" | ArraysTest.java:8:3:8:31 | asList(...) |
|
|
||||||
| ArraysTest.java:8:17:8:21 | "two" | ArraysTest.java:8:3:8:31 | new ..[] { .. } |
|
|
||||||
| ArraysTest.java:8:24:8:30 | "three" | ArraysTest.java:8:3:8:31 | asList(...) |
|
|
||||||
| ArraysTest.java:8:24:8:30 | "three" | ArraysTest.java:8:3:8:31 | new ..[] { .. } |
|
|
||||||
| ArraysTest.java:9:17:9:22 | source | ArraysTest.java:9:3:9:27 | copyOf(...) |
|
|
||||||
| ArraysTest.java:10:22:10:27 | source | ArraysTest.java:10:3:10:35 | copyOfRange(...) |
|
|
||||||
| ArraysTest.java:12:22:12:27 | source | ArraysTest.java:12:3:12:28 | spliterator(...) |
|
|
||||||
| ArraysTest.java:13:17:13:22 | source | ArraysTest.java:13:3:13:23 | stream(...) |
|
|
||||||
| ArraysTest.java:15:23:15:29 | "value" | ArraysTest.java:15:15:15:20 | source [post update] |
|
|
||||||
| ArraysTest.java:16:30:16:35 | "data" | ArraysTest.java:16:15:16:20 | source [post update] |
|
|
||||||
| ArraysTest.java:17:43:17:43 | x | ArraysTest.java:17:43:17:47 | ... + ... |
|
| ArraysTest.java:17:43:17:43 | x | ArraysTest.java:17:43:17:47 | ... + ... |
|
||||||
| ArraysTest.java:17:47:17:47 | y | ArraysTest.java:17:43:17:47 | ... + ... |
|
| ArraysTest.java:17:47:17:47 | y | ArraysTest.java:17:43:17:47 | ... + ... |
|
||||||
| ArraysTest.java:18:50:18:50 | x | ArraysTest.java:18:50:18:54 | ... + ... |
|
| ArraysTest.java:18:50:18:50 | x | ArraysTest.java:18:50:18:54 | ... + ... |
|
||||||
@@ -18,44 +6,6 @@
|
|||||||
| ArraysTest.java:19:55:19:55 | x | ArraysTest.java:19:38:19:56 | toString(...) |
|
| ArraysTest.java:19:55:19:55 | x | ArraysTest.java:19:38:19:56 | toString(...) |
|
||||||
| ArraysTest.java:20:30:20:36 | Integer | ArraysTest.java:20:30:20:48 | toString(...) |
|
| ArraysTest.java:20:30:20:36 | Integer | ArraysTest.java:20:30:20:48 | toString(...) |
|
||||||
| ArraysTest.java:20:47:20:47 | x | ArraysTest.java:20:30:20:48 | toString(...) |
|
| ArraysTest.java:20:47:20:47 | x | ArraysTest.java:20:30:20:48 | toString(...) |
|
||||||
| CollectionsTest.java:10:28:10:32 | "one" | CollectionsTest.java:10:3:10:33 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:10:28:10:32 | "one" | CollectionsTest.java:10:22:10:25 | list [post update] |
|
|
||||||
| CollectionsTest.java:11:28:11:32 | "two" | CollectionsTest.java:11:3:11:42 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:11:28:11:32 | "two" | CollectionsTest.java:11:22:11:25 | list [post update] |
|
|
||||||
| CollectionsTest.java:11:35:11:41 | "three" | CollectionsTest.java:11:3:11:42 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:11:35:11:41 | "three" | CollectionsTest.java:11:22:11:25 | list [post update] |
|
|
||||||
| CollectionsTest.java:12:28:12:49 | new String[] | CollectionsTest.java:12:22:12:25 | list [post update] |
|
|
||||||
| CollectionsTest.java:12:28:12:49 | {...} | CollectionsTest.java:12:28:12:49 | new String[] |
|
|
||||||
| CollectionsTest.java:12:42:12:47 | "four" | CollectionsTest.java:12:28:12:49 | {...} |
|
|
||||||
| CollectionsTest.java:14:27:14:30 | list | CollectionsTest.java:14:3:14:45 | checkedList(...) |
|
|
||||||
| CollectionsTest.java:15:19:15:22 | list | CollectionsTest.java:15:3:15:23 | min(...) |
|
|
||||||
| CollectionsTest.java:16:27:16:30 | list | CollectionsTest.java:16:3:16:31 | enumeration(...) |
|
|
||||||
| CollectionsTest.java:17:20:17:30 | enumeration | CollectionsTest.java:17:3:17:31 | list(...) |
|
|
||||||
| CollectionsTest.java:18:35:18:41 | "value" | CollectionsTest.java:18:3:18:42 | singletonMap(...) |
|
|
||||||
| CollectionsTest.java:19:26:19:30 | other | CollectionsTest.java:19:20:19:23 | list [post update] |
|
|
||||||
| CollectionsTest.java:20:27:20:32 | "item" | CollectionsTest.java:20:3:20:33 | nCopies(...) |
|
|
||||||
| CollectionsTest.java:21:42:21:50 | "replace" | CollectionsTest.java:21:26:21:29 | list [post update] |
|
|
||||||
| CollectionsTest.java:24:21:24:23 | "a" | CollectionsTest.java:24:3:24:24 | of(...) |
|
|
||||||
| CollectionsTest.java:25:11:25:13 | "b" | CollectionsTest.java:25:3:25:19 | of(...) |
|
|
||||||
| CollectionsTest.java:25:16:25:18 | "c" | CollectionsTest.java:25:3:25:19 | of(...) |
|
|
||||||
| CollectionsTest.java:26:25:26:28 | list | CollectionsTest.java:26:3:26:29 | copyOf(...) |
|
|
||||||
| CollectionsTest.java:28:10:28:12 | "d" | CollectionsTest.java:28:3:28:13 | of(...) |
|
|
||||||
| CollectionsTest.java:29:10:29:12 | "e" | CollectionsTest.java:29:3:29:19 | of(...) |
|
|
||||||
| CollectionsTest.java:29:16:29:18 | "f" | CollectionsTest.java:29:3:29:19 | of(...) |
|
|
||||||
| CollectionsTest.java:30:14:30:17 | list | CollectionsTest.java:30:3:30:18 | copyOf(...) |
|
|
||||||
| CollectionsTest.java:32:15:32:17 | "v" | CollectionsTest.java:32:3:32:18 | of(...) |
|
|
||||||
| CollectionsTest.java:33:16:33:19 | "v1" | CollectionsTest.java:33:3:33:32 | of(...) |
|
|
||||||
| CollectionsTest.java:33:28:33:31 | "v2" | CollectionsTest.java:33:3:33:32 | of(...) |
|
|
||||||
| CollectionsTest.java:34:14:34:16 | map | CollectionsTest.java:34:3:34:17 | copyOf(...) |
|
|
||||||
| CollectionsTest.java:36:17:36:37 | entry(...) | CollectionsTest.java:36:3:36:38 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:36:17:36:37 | entry(...) | CollectionsTest.java:36:3:36:38 | ofEntries(...) |
|
|
||||||
| CollectionsTest.java:36:33:36:36 | "v3" | CollectionsTest.java:36:17:36:37 | entry(...) |
|
|
||||||
| CollectionsTest.java:37:17:37:37 | entry(...) | CollectionsTest.java:37:3:37:61 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:37:17:37:37 | entry(...) | CollectionsTest.java:37:3:37:61 | ofEntries(...) |
|
|
||||||
| CollectionsTest.java:37:33:37:36 | "v4" | CollectionsTest.java:37:17:37:37 | entry(...) |
|
|
||||||
| CollectionsTest.java:37:40:37:60 | entry(...) | CollectionsTest.java:37:3:37:61 | new ..[] { .. } |
|
|
||||||
| CollectionsTest.java:37:40:37:60 | entry(...) | CollectionsTest.java:37:3:37:61 | ofEntries(...) |
|
|
||||||
| CollectionsTest.java:37:56:37:59 | "v5" | CollectionsTest.java:37:40:37:60 | entry(...) |
|
|
||||||
| Test.java:24:32:24:38 | string2 | Test.java:24:17:24:39 | decode(...) |
|
| Test.java:24:32:24:38 | string2 | Test.java:24:17:24:39 | decode(...) |
|
||||||
| Test.java:25:46:25:51 | bytes2 | Test.java:25:31:25:52 | encode(...) |
|
| Test.java:25:46:25:51 | bytes2 | Test.java:25:31:25:52 | encode(...) |
|
||||||
| Test.java:27:34:27:40 | string2 | Test.java:27:13:27:41 | decode(...) |
|
| Test.java:27:34:27:40 | string2 | Test.java:27:13:27:41 | decode(...) |
|
||||||
|
|||||||
@@ -1,12 +1,38 @@
|
|||||||
import semmle.code.java.dataflow.DataFlow
|
import semmle.code.java.dataflow.DataFlow
|
||||||
import semmle.code.java.dataflow.internal.TaintTrackingUtil
|
import semmle.code.java.dataflow.internal.TaintTrackingUtil
|
||||||
|
import semmle.code.java.dataflow.internal.DataFlowNodes::Private
|
||||||
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
|
import semmle.code.java.dataflow.internal.FlowSummaryImpl as FlowSummaryImpl
|
||||||
|
|
||||||
|
predicate taintFlowThrough(DataFlow::ParameterNode p) {
|
||||||
|
exists(ReturnNode ret | localTaint(p, ret))
|
||||||
|
}
|
||||||
|
|
||||||
|
predicate taintFlowUpdate(DataFlow::ParameterNode p1, DataFlow::ParameterNode p2) {
|
||||||
|
exists(DataFlow::PostUpdateNode ret | localTaint(p1, ret) | ret.getPreUpdateNode() = p2)
|
||||||
|
}
|
||||||
|
|
||||||
from DataFlow::Node src, DataFlow::Node sink
|
from DataFlow::Node src, DataFlow::Node sink
|
||||||
where
|
where
|
||||||
(
|
(
|
||||||
localAdditionalTaintStep(src, sink) or
|
localAdditionalTaintStep(src, sink) or
|
||||||
FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
|
FlowSummaryImpl::Private::Steps::summaryThroughStep(src, sink, false)
|
||||||
) and
|
) and
|
||||||
not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false)
|
not FlowSummaryImpl::Private::Steps::summaryLocalStep(src, sink, false) and
|
||||||
|
not FlowSummaryImpl::Private::Steps::summaryReadStep(src, _, sink) and
|
||||||
|
not FlowSummaryImpl::Private::Steps::summaryStoreStep(src, _, sink)
|
||||||
|
or
|
||||||
|
exists(ArgumentNode arg, MethodAccess call, DataFlow::ParameterNode p, int i |
|
||||||
|
src = arg and
|
||||||
|
p.isParameterOf(call.getMethod().getSourceDeclaration(), i) and
|
||||||
|
arg.argumentOf(call, i)
|
||||||
|
|
|
||||||
|
sink.asExpr() = call and
|
||||||
|
taintFlowThrough(p)
|
||||||
|
or
|
||||||
|
exists(DataFlow::ParameterNode p2, int j |
|
||||||
|
sink.(DataFlow::PostUpdateNode).getPreUpdateNode().(ArgumentNode).argumentOf(call, j) and
|
||||||
|
taintFlowUpdate(p, p2) and
|
||||||
|
p2.isParameterOf(_, j)
|
||||||
|
)
|
||||||
|
)
|
||||||
select src, sink
|
select src, sink
|
||||||
|
|||||||
@@ -33,14 +33,14 @@ class Test {
|
|||||||
|
|
||||||
byte x;
|
byte x;
|
||||||
byte[] tgt = new byte[100];
|
byte[] tgt = new byte[100];
|
||||||
x = tgt[0]; // not tainted
|
sink(tgt); // not tainted
|
||||||
IOUtils.read(inp, tgt);
|
IOUtils.read(inp, tgt);
|
||||||
x = tgt[0]; // tainted
|
sink(tgt); // tainted
|
||||||
|
|
||||||
tgt = new byte[100];
|
tgt = new byte[100];
|
||||||
x = tgt[0]; // not tainted
|
sink(tgt); // not tainted
|
||||||
IOUtils.readFully(inp, tgt);
|
IOUtils.readFully(inp, tgt);
|
||||||
x = tgt[0]; // tainted
|
sink(tgt); // tainted
|
||||||
|
|
||||||
writer = new StringWriter();
|
writer = new StringWriter();
|
||||||
writer.toString(); // not tainted
|
writer.toString(); // not tainted
|
||||||
@@ -62,4 +62,6 @@ class Test {
|
|||||||
IOUtils.writeLines(new ArrayList<String>(), s, writer);
|
IOUtils.writeLines(new ArrayList<String>(), s, writer);
|
||||||
writer.toString(); // tainted
|
writer.toString(); // tainted
|
||||||
}
|
}
|
||||||
|
|
||||||
|
static void sink(Object o) { }
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -28,14 +28,10 @@
|
|||||||
| Test.java:32:3:32:19 | toString(...) |
|
| Test.java:32:3:32:19 | toString(...) |
|
||||||
| Test.java:37:16:37:18 | inp |
|
| Test.java:37:16:37:18 | inp |
|
||||||
| Test.java:37:21:37:23 | tgt [post update] |
|
| Test.java:37:21:37:23 | tgt [post update] |
|
||||||
| Test.java:38:3:38:12 | ...=... |
|
| Test.java:38:8:38:10 | tgt |
|
||||||
| Test.java:38:7:38:9 | tgt |
|
|
||||||
| Test.java:38:7:38:12 | ...[...] |
|
|
||||||
| Test.java:42:21:42:23 | inp |
|
| Test.java:42:21:42:23 | inp |
|
||||||
| Test.java:42:26:42:28 | tgt [post update] |
|
| Test.java:42:26:42:28 | tgt [post update] |
|
||||||
| Test.java:43:3:43:12 | ...=... |
|
| Test.java:43:8:43:10 | tgt |
|
||||||
| Test.java:43:7:43:9 | tgt |
|
|
||||||
| Test.java:43:7:43:12 | ...[...] |
|
|
||||||
| Test.java:47:17:47:21 | chars |
|
| Test.java:47:17:47:21 | chars |
|
||||||
| Test.java:47:24:47:29 | writer [post update] |
|
| Test.java:47:24:47:29 | writer [post update] |
|
||||||
| Test.java:48:3:48:8 | writer |
|
| Test.java:48:3:48:8 | writer |
|
||||||
|
|||||||
@@ -3,7 +3,6 @@
|
|||||||
| A.java:33:23:33:29 | taint(...) | A.java:34:10:34:27 | toByteArray(...) |
|
| A.java:33:23:33:29 | taint(...) | A.java:34:10:34:27 | toByteArray(...) |
|
||||||
| A.java:46:27:46:33 | taint(...) | A.java:47:10:47:30 | toByteArray(...) |
|
| A.java:46:27:46:33 | taint(...) | A.java:47:10:47:30 | toByteArray(...) |
|
||||||
| A.java:55:58:55:64 | taint(...) | A.java:61:10:61:16 | dh.data |
|
| A.java:55:58:55:64 | taint(...) | A.java:61:10:61:16 | dh.data |
|
||||||
| A.java:72:16:72:22 | taint(...) | A.java:73:10:73:10 | b |
|
|
||||||
| B.java:15:21:15:27 | taint(...) | B.java:18:10:18:16 | aaaargs |
|
| B.java:15:21:15:27 | taint(...) | B.java:18:10:18:16 | aaaargs |
|
||||||
| B.java:15:21:15:27 | taint(...) | B.java:21:10:21:10 | s |
|
| B.java:15:21:15:27 | taint(...) | B.java:21:10:21:10 | s |
|
||||||
| B.java:15:21:15:27 | taint(...) | B.java:24:10:24:15 | concat |
|
| B.java:15:21:15:27 | taint(...) | B.java:24:10:24:15 | concat |
|
||||||
|
|||||||
@@ -17,22 +17,22 @@ public class ObjectUtilsTest {
|
|||||||
sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasValueFlow
|
sink(ObjectUtils.CONST_BYTE(IntSource.taint())); // $hasValueFlow
|
||||||
sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasValueFlow
|
sink(ObjectUtils.defaultIfNull(taint(), null)); // $hasValueFlow
|
||||||
sink(ObjectUtils.defaultIfNull(null, taint())); // $hasValueFlow
|
sink(ObjectUtils.defaultIfNull(null, taint())); // $hasValueFlow
|
||||||
sink(ObjectUtils.firstNonNull(taint(), null, null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.firstNonNull(taint(), null, null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.firstNonNull(null, taint(), null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.firstNonNull(null, taint(), null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.firstNonNull(null, null, taint())); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.firstNonNull(null, null, taint())); // $ hasValueFlow
|
||||||
sink(ObjectUtils.getIfNull(taint(), null)); // $hasValueFlow
|
sink(ObjectUtils.getIfNull(taint(), null)); // $hasValueFlow
|
||||||
sink(ObjectUtils.max(taint(), null, null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.max(taint(), null, null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.max(null, taint(), null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.max(null, taint(), null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.max(null, null, taint())); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.max(null, null, taint())); // $ hasValueFlow
|
||||||
sink(ObjectUtils.median(taint(), null, null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.median(taint(), null, null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.median((String)null, taint(), null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.median((String)null, taint(), null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.median((String)null, null, taint())); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.median((String)null, null, taint())); // $ hasValueFlow
|
||||||
sink(ObjectUtils.min(taint(), null, null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.min(taint(), null, null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.min(null, taint(), null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.min(null, taint(), null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.min(null, null, taint())); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.min(null, null, taint())); // $ hasValueFlow
|
||||||
sink(ObjectUtils.mode(taint(), null, null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.mode(taint(), null, null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.mode(null, taint(), null)); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.mode(null, taint(), null)); // $ hasValueFlow
|
||||||
sink(ObjectUtils.mode(null, null, taint())); // $ MISSING:hasValueFlow
|
sink(ObjectUtils.mode(null, null, taint())); // $ hasValueFlow
|
||||||
sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasValueFlow
|
sink(ObjectUtils.requireNonEmpty(taint(), "message")); // $hasValueFlow
|
||||||
sink(ObjectUtils.requireNonEmpty("not null", taint())); // GOOD (message doesn't propagate to the return)
|
sink(ObjectUtils.requireNonEmpty("not null", taint())); // GOOD (message doesn't propagate to the return)
|
||||||
sink(ObjectUtils.toString(taint(), "default string")); // GOOD (first argument is stringified)
|
sink(ObjectUtils.toString(taint(), "default string")); // GOOD (first argument is stringified)
|
||||||
|
|||||||
@@ -50,10 +50,10 @@ class Test {
|
|||||||
sink(StringUtils.deleteWhitespace(taint())); // $hasTaintFlow
|
sink(StringUtils.deleteWhitespace(taint())); // $hasTaintFlow
|
||||||
sink(StringUtils.difference(taint(), "rhs")); // $hasTaintFlow
|
sink(StringUtils.difference(taint(), "rhs")); // $hasTaintFlow
|
||||||
sink(StringUtils.difference("lhs", taint())); // $hasTaintFlow
|
sink(StringUtils.difference("lhs", taint())); // $hasTaintFlow
|
||||||
sink(StringUtils.firstNonBlank(taint(), "second string")); // $hasTaintFlow
|
sink(StringUtils.firstNonBlank(taint(), "second string")); // $hasValueFlow
|
||||||
sink(StringUtils.firstNonBlank("first string", taint())); // $hasTaintFlow
|
sink(StringUtils.firstNonBlank("first string", taint())); // $hasValueFlow
|
||||||
sink(StringUtils.firstNonEmpty(taint(), "second string")); // $hasTaintFlow
|
sink(StringUtils.firstNonEmpty(taint(), "second string")); // $hasValueFlow
|
||||||
sink(StringUtils.firstNonEmpty("first string", taint())); // $hasTaintFlow
|
sink(StringUtils.firstNonEmpty("first string", taint())); // $hasValueFlow
|
||||||
sink(StringUtils.getBytes(taint(), (Charset)null)); // $hasTaintFlow
|
sink(StringUtils.getBytes(taint(), (Charset)null)); // $hasTaintFlow
|
||||||
sink(StringUtils.getBytes(taint(), "some charset")); // $hasTaintFlow
|
sink(StringUtils.getBytes(taint(), "some charset")); // $hasTaintFlow
|
||||||
// GOOD: charset names are not a source of taint
|
// GOOD: charset names are not a source of taint
|
||||||
@@ -216,12 +216,12 @@ class Test {
|
|||||||
sink(StringUtils.strip(taint())); // $hasTaintFlow
|
sink(StringUtils.strip(taint())); // $hasTaintFlow
|
||||||
sink(StringUtils.strip(taint(), "charstoremove")); // $hasTaintFlow
|
sink(StringUtils.strip(taint(), "charstoremove")); // $hasTaintFlow
|
||||||
sink(StringUtils.stripAccents(taint())); // $hasTaintFlow
|
sink(StringUtils.stripAccents(taint())); // $hasTaintFlow
|
||||||
sink(StringUtils.stripAll(new String[] { taint() }, "charstoremove")); // $hasTaintFlow
|
sink(StringUtils.stripAll(new String[] { taint() }, "charstoremove")[0]); // $hasTaintFlow
|
||||||
sink(StringUtils.stripEnd(taint(), "charstoremove")); // $hasTaintFlow
|
sink(StringUtils.stripEnd(taint(), "charstoremove")); // $hasTaintFlow
|
||||||
sink(StringUtils.stripStart(taint(), "charstoremove")); // $hasTaintFlow
|
sink(StringUtils.stripStart(taint(), "charstoremove")); // $hasTaintFlow
|
||||||
// GOOD (next 4 calls): stripped chars do not flow to the return value.
|
// GOOD (next 4 calls): stripped chars do not flow to the return value.
|
||||||
sink(StringUtils.strip("original text", taint()));
|
sink(StringUtils.strip("original text", taint()));
|
||||||
sink(StringUtils.stripAll(new String[] { "original text" }, taint()));
|
sink(StringUtils.stripAll(new String[] { "original text" }, taint())[0]);
|
||||||
sink(StringUtils.stripEnd("original text", taint()));
|
sink(StringUtils.stripEnd("original text", taint()));
|
||||||
sink(StringUtils.stripStart("original text", taint()));
|
sink(StringUtils.stripStart("original text", taint()));
|
||||||
sink(StringUtils.stripToEmpty(taint())); // $hasTaintFlow
|
sink(StringUtils.stripToEmpty(taint())); // $hasTaintFlow
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ class TestBase {
|
|||||||
sink(Strings.lenientFormat(x, 3)); // $numTaintFlow=1
|
sink(Strings.lenientFormat(x, 3)); // $numTaintFlow=1
|
||||||
sink(Strings.commonPrefix(x, "abc"));
|
sink(Strings.commonPrefix(x, "abc"));
|
||||||
sink(Strings.commonSuffix(x, "cde"));
|
sink(Strings.commonSuffix(x, "cde"));
|
||||||
sink(Strings.lenientFormat("%s = %s", x, 3)); // $ MISSING:numTaintFlow=1
|
sink(Strings.lenientFormat("%s = %s", x, 3)); // $ numTaintFlow=1
|
||||||
}
|
}
|
||||||
|
|
||||||
void test2() {
|
void test2() {
|
||||||
|
|||||||
@@ -1,8 +1,10 @@
|
|||||||
edges
|
edges
|
||||||
| Test.java:6:35:6:44 | arg : String | Test.java:7:44:7:69 | ... + ... |
|
| Test.java:6:35:6:44 | arg : String | Test.java:7:44:7:69 | ... + ... |
|
||||||
| Test.java:6:35:6:44 | arg : String | Test.java:10:29:10:74 | new String[] |
|
| Test.java:6:35:6:44 | arg : String | Test.java:10:29:10:74 | new String[] |
|
||||||
| Test.java:6:35:6:44 | arg : String | Test.java:18:29:18:31 | cmd |
|
| Test.java:6:35:6:44 | arg : String | Test.java:16:13:16:25 | ... + ... : String |
|
||||||
| Test.java:6:35:6:44 | arg : String | Test.java:24:29:24:32 | cmd1 |
|
| Test.java:6:35:6:44 | arg : String | Test.java:24:29:24:32 | cmd1 |
|
||||||
|
| Test.java:16:5:16:7 | cmd [post update] : List | Test.java:18:29:18:31 | cmd |
|
||||||
|
| Test.java:16:13:16:25 | ... + ... : String | Test.java:16:5:16:7 | cmd [post update] : List |
|
||||||
| Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... |
|
| Test.java:28:38:28:47 | arg : String | Test.java:29:44:29:64 | ... + ... |
|
||||||
| Test.java:57:27:57:39 | args : String[] | Test.java:60:20:60:22 | arg : String |
|
| Test.java:57:27:57:39 | args : String[] | Test.java:60:20:60:22 | arg : String |
|
||||||
| Test.java:57:27:57:39 | args : String[] | Test.java:61:23:61:25 | arg : String |
|
| Test.java:57:27:57:39 | args : String[] | Test.java:61:23:61:25 | arg : String |
|
||||||
@@ -12,6 +14,8 @@ nodes
|
|||||||
| Test.java:6:35:6:44 | arg : String | semmle.label | arg : String |
|
| Test.java:6:35:6:44 | arg : String | semmle.label | arg : String |
|
||||||
| Test.java:7:44:7:69 | ... + ... | semmle.label | ... + ... |
|
| Test.java:7:44:7:69 | ... + ... | semmle.label | ... + ... |
|
||||||
| Test.java:10:29:10:74 | new String[] | semmle.label | new String[] |
|
| Test.java:10:29:10:74 | new String[] | semmle.label | new String[] |
|
||||||
|
| Test.java:16:5:16:7 | cmd [post update] : List | semmle.label | cmd [post update] : List |
|
||||||
|
| Test.java:16:13:16:25 | ... + ... : String | semmle.label | ... + ... : String |
|
||||||
| Test.java:18:29:18:31 | cmd | semmle.label | cmd |
|
| Test.java:18:29:18:31 | cmd | semmle.label | cmd |
|
||||||
| Test.java:24:29:24:32 | cmd1 | semmle.label | cmd1 |
|
| Test.java:24:29:24:32 | cmd1 | semmle.label | cmd1 |
|
||||||
| Test.java:28:38:28:47 | arg : String | semmle.label | arg : String |
|
| Test.java:28:38:28:47 | arg : String | semmle.label | arg : String |
|
||||||
|
|||||||
Reference in New Issue
Block a user