Add models of JsonPointer, JsonMergeDiff and JsonPatchBuilder

2025-12-21 19:26:31 +01:00 · 2021-07-12 18:08:45 +01:00
parent 539859497b
commit cc4401b453
2 changed files with 1169 additions and 128 deletions
--- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
@@ -8,129 +8,129 @@ private import semmle.code.java.dataflow.ExternalFlow
 private class FlowSummaries extends SummaryModelCsv {
  override predicate row(string row) {
    row =
-      ["javax", "jakarta"] + ".json;" +
+      ["javax", "jakarta"] +
        [
-          "Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint",
-          "Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint",
+          ".json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint",
-          "Json;false;createDiff;;;Argument[0..1];ReturnValue;taint",
+          ".json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint",
-          "Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint",
+          ".json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint",
-          "Json;false;createMergePatch;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint",
-          "Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint",
-          "Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint",
+          ".json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint",
-          "Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint",
+          ".json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint",
-          "Json;false;createPatch;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createPatch;;;Argument[0];ReturnValue;taint",
-          "Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint",
-          "Json;false;createPointer;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createPointer;;;Argument[0];ReturnValue;taint",
-          "Json;false;createReader;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint",
-          "Json;false;createValue;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint",
-          "Json;false;createWriter;;;Argument[0];ReturnValue;taint",
+          ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint",
-          "JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
+          ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
-          "JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getInt;;;Argument[1];ReturnValue;value",
+          ".json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value",
-          "JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint",
-          "JsonArray;false;getString;;;Argument[1];ReturnValue;value",
+          ".json;JsonArray;false;getString;;;Argument[1];ReturnValue;value",
-          "JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint",
-          "JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value",
-          "JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint",
-          "JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
-          "JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
-          "JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint",
-          "JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value",
-          "JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint",
+          ".json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint",
-          "JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value",
-          "JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value",
+          ".json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value",
-          "JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint",
-          "JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint",
+          ".json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint",
-          "JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint",
-          "JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value",
+          ".json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value",
-          "JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getInt;;;Argument[1];ReturnValue;value",
+          ".json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value",
-          "JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint",
-          "JsonObject;false;getString;;;Argument[1];ReturnValue;value",
+          ".json;JsonObject;false;getString;;;Argument[1];ReturnValue;value",
-          "JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value",
+          ".json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value",
-          "JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint",
+          ".json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint",
-          "JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value",
+          ".json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value",
-          "JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
+          ".json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
-          "JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
+          ".json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
-          "JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
-          "JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value",
+          ".json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value",
-          "JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint",
+          ".json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint",
-          "JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint",
-          "JsonPatch;false;apply;;;Argument[0];ReturnValue;taint",
+          ".json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint",
-          "JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint",
-          "JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint",
-          "JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint",
-          "JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint",
-          "JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint",
-          "JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint",
-          "JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint",
-          "JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value",
-          "JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value",
+          ".json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint",
-          "JsonPointer;false;add;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint",
-          "JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint",
-          "JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint",
+          ".json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint",
-          "JsonPointer;false;remove;;;Argument[0];ReturnValue;taint",
+          ".json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint",
-          "JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint",
+          ".json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint",
-          "JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint",
-          "JsonReader;false;read;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint",
-          "JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint",
-          "JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint",
-          "JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint",
-          "JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint",
+          ".json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint",
-          "JsonString;false;getChars;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint",
-          "JsonString;false;getString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint",
-          "JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint",
-          "JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint",
-          "JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint",
-          "JsonValue;true;toString;;;Argument[-1];ReturnValue;taint",
+          ".json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint",
-          "JsonWriter;false;write;;;Argument[0];Argument[-1];taint",
+          ".json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint",
-          "JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint",
+          ".json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint",
-          "JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint",
+          ".json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint",
-          "JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint"
+          ".json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint"
        ]
  }
 }
--- a/java/ql/test/library-tests/frameworks/javax-json/Test.java
+++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java