Update MaD Declarations after Triage

2025-12-20 10:46:30 +01:00 · 2023-03-31 10:30:33 +02:00
parent 5ee9711f03
commit cb8506d51a
5 changed files with 25 additions and 0 deletions
--- a/java/ql/lib/change-notes/2023-03-31-new-models-tr2284.md
+++ b/java/ql/lib/change-notes/2023-03-31-new-models-tr2284.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+  * java.io
+  * java.lang.module
+  * java.nio.file.spi
+  * org.apache.commons.io
--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -5,11 +5,14 @@ extensions:
    data:
      - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "create-file", "ai-generated"]
      - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "create-file", "ai-generated"] # This could, depending on the platform, also remove the file if one already exists with that path: https://docs.oracle.com/javase/7/docs/api/java/io/File.html#renameTo(java.io.File).
      - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
      - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "create-file", "manual"]
      - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "write-file", "manual"]
      - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
      - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "create-file", "ai-generated"] # not sure, may be worth having an extra label for creating a dir..
      - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "create-file", "manual"]
      - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "create-file", "manual"]
      - ["java.io", "PrintStream", False, "PrintStream", "(File,Charset)", "", "Argument[0]", "create-file", "manual"]
--- a/java/ql/lib/ext/java.lang.module.model.yml
+++ b/java/ql/lib/ext/java.lang.module.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.lang.module", "ModuleReader", True, "find", "(String)", "", "Argument[0]", "read-file", "ai-generated"] # The documentation implies that the location is actually read: https://docs.oracle.com/javase/9/docs/api/java/lang/module/ModuleReader.html#find-java.lang.String-
--- a/java/ql/lib/ext/java.nio.file.spi.model.yml
+++ b/java/ql/lib/ext/java.nio.file.spi.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.nio.file.spi", "FileSystemProvider", True, "checkAccess", "(Path,AccessMode[])", "", "Argument[0]", "read-file", "ai-generated"]
--- a/java/ql/lib/ext/org.apache.commons.io.model.yml
+++ b/java/ql/lib/ext/org.apache.commons.io.model.yml
@@ -16,4 +16,6 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+# suggested label is not supported:      - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "TODO", "ai-generated"]
+# suggested label is not supported:      - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "TODO", "ai-generated"] # Not sure what this should be; the input stream is read from here - could be a file, could be memory, could be something else.
      - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]