diff --git a/java/ql/lib/change-notes/2023-03-31-new-models-tr2284.md b/java/ql/lib/change-notes/2023-03-31-new-models-tr2284.md
new file mode 100644
index 00000000000..47cbed7e182
--- /dev/null
+++ b/java/ql/lib/change-notes/2023-03-31-new-models-tr2284.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+ * java.io
+ * java.lang.module
+ * java.nio.file.spi
+ * org.apache.commons.io
diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml
index 227886a14ea..e18709562a5 100644
--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -5,11 +5,14 @@ extensions:
 data:
 - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "create-file", "ai-generated"]
 - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "create-file", "ai-generated"]
+ - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "create-file", "ai-generated"] # This could, depending on the platform, also remove the file if one already exists with that path: https://docs.oracle.com/javase/7/docs/api/java/io/File.html#renameTo(java.io.File).
 - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+ - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
 - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "create-file", "manual"]
 - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "write-file", "manual"]
 - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
 - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
+ - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "create-file", "ai-generated"] # not sure, may be worth having an extra label for creating a dir..
 - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "create-file", "manual"]
 - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "create-file", "manual"]
 - ["java.io", "PrintStream", False, "PrintStream", "(File,Charset)", "", "Argument[0]", "create-file", "manual"]
diff --git a/java/ql/lib/ext/java.lang.module.model.yml b/java/ql/lib/ext/java.lang.module.model.yml
new file mode 100644
index 00000000000..209b2a98063
--- /dev/null
+++ b/java/ql/lib/ext/java.lang.module.model.yml
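Review bot: The added `renameTo` row in java.io.model.yml repeats the unchanged row directly above it field for field, so the new side lists the same `create-file` sink twice and the only new information is the trailing comment. Put the comment on the existing row and drop the added one, for example by appending `# depending on the platform, renameTo may also replace an existing file at the destination path` to the row that is already there. Separately, the `FileSystem.createDirectory` row carries its own "not sure" comment about the label; as far as I know `java.io.FileSystem` is a package-private JDK class, so confirm that the row can match calls in analysed code before keeping it.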
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ - ["java.lang.module", "ModuleReader", True, "find", "(String)", "", "Argument[0]", "read-file", "ai-generated"] # The documentation implies that the location is actually read: https://docs.oracle.com/javase/9/docs/api/java/lang/module/ModuleReader.html#find-java.lang.String-
diff --git a/java/ql/lib/ext/java.nio.file.spi.model.yml b/java/ql/lib/ext/java.nio.file.spi.model.yml
new file mode 100644
index 00000000000..3b1faee241d
--- /dev/null
+++ b/java/ql/lib/ext/java.nio.file.spi.model.yml
@@ -0,0 +1,6 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ - ["java.nio.file.spi", "FileSystemProvider", True, "checkAccess", "(Path,AccessMode[])", "", "Argument[0]", "read-file", "ai-generated"]
diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml
index 7a3176c1e7d..6dd79edbce7 100644
--- a/java/ql/lib/ext/org.apache.commons.io.model.yml
+++ b/java/ql/lib/ext/org.apache.commons.io.model.yml
@@ -16,4 +16,6 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
+# suggested label is not supported: - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "TODO", "ai-generated"]
+# suggested label is not supported: - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "TODO", "ai-generated"] # Not sure what this should be; the input stream is read from here - could be a file, could be memory, could be something else.
 - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
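Review bot: In java.lang.module.model.yml, `ModuleReader.find(String)` is the only method modelled, and its argument is a resource name resolved inside a module rather than a plain filesystem path, which the trailing comment only partly addresses. If a tainted resource name counts as a `read-file` sink here, the sibling methods `open(String)` and `read(String)` on the same interface take the same argument and return the content itself, so they would presumably need equivalent rows. Otherwise the comment should say why `find` alone is modelled, for example `# find() resolves the resource name to a location; open()/read() deliberately left unmodelled because ...`.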
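Review bot: The `FileSystemProvider.checkAccess` row in java.nio.file.spi.model.yml labels `Argument[0]` as `read-file` but has no comment explaining why an existence and permission probe is treated as a file read, unlike the other non-obvious rows in this change. A tainted path reaching this call reveals at most whether a file exists or is accessible, so results from this sink will need different triage from those on `FileInputStream` or `FileReader`. I would add a trailing comment such as `# access check only: no content is read, but the caller-supplied path is still resolved on the file system`.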
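Review bot: The two added rows in org.apache.commons.io.model.yml are commented out and carry the placeholder label `TODO`, so they contribute no sink. They also point at `Argument[0]`, which for the signature `(InputStream,File)` is the stream rather than the destination file. If the intent is to flag externally influenced write targets, the path-bearing parameter is `Argument[1]`, and `create-file` is a label this change already uses in java.io.model.yml, giving `- ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "create-file", "ai-generated"]` and the same for `copyToFile`. That holds unless the destination is already modelled in the part of the file outside this hunk, which starts inside the `addsTo` mapping. If no supported label fits, the commented-out rows are better left out of the shipped model file and tracked separately.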