Merge pull request #13394 from atorralba/atorralba/java/fix-gson-jsonarray-models

Java: Fix Gson's JsonArray.add models
Anders Schack-Mulligen
2023-06-08 11:05:40 +02:00
committed by GitHub
2 changed files with 24 additions and 12 deletions


@@ -26,7 +26,12 @@ extensions:
- ["com.google.gson", "JsonElement", True, "getAsJsonPrimitive", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["com.google.gson", "JsonElement", True, "getAsString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["com.google.gson", "JsonElement", True, "toString", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "(Boolean)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "(Character)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "(JsonElement)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "(Number)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
- ["com.google.gson", "JsonArray", True, "add", "(String)", "", "Argument[0]", "Argument[this].Element", "taint", "manual"]
- ["com.google.gson", "JsonArray", True, "addAll", "(JsonArray)", "", "Argument[0].Element", "Argument[this].Element", "value", "manual"]
- ["com.google.gson", "JsonArray", True, "asList", "", "", "Argument[this].Element", "ReturnValue.Element", "value", "manual"]
- ["com.google.gson", "JsonArray", True, "get", "", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
- ["com.google.gson", "JsonArray", True, "set", "", "", "Argument[1]", "Argument[this].Element", "value", "manual"]
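Review bot: The new per-signature `add` rows have no comment explaining why only `(JsonElement)` keeps `value` while `(Boolean)`, `(Character)`, `(Number)` and `(String)` become `taint`, so a later edit could collapse them back into one signature-less row. Presumably the non-JsonElement overloads wrap the argument in a new primitive element, which means the stored element is derived from the argument rather than being the argument itself; please confirm that against the Gson source. I would add a YAML comment above the group, for example `# add(JsonElement) stores the argument itself (value); the other overloads wrap it in a new element, so only taint is preserved`. The distinction matters for analysis results, because a step declared as `value` is followed by plain data-flow queries as well as taint-tracking ones, while a `taint` step is followed only by taint tracking. A wrong kind therefore gives either spurious value-flow alerts or missed ones.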


@@ -25,7 +25,7 @@ public class Test {
<K> K getMapKeyDefault(Map.Entry<K,?> container) { return container.getKey(); }
JsonElement getMapValueDefault(JsonObject container) { return container.get(null); }
<V> V getMapValueDefault(Map.Entry<?,V> container) { return container.getValue(); }
JsonArray newWithElementDefault(String element) { JsonArray a = new JsonArray(); a.add(element); return a; }
JsonArray newWithElementDefault(JsonElement element) { JsonArray a = new JsonArray(); a.add(element); return a; }
JsonObject newWithMapKeyDefault(String key) { JsonObject o = new JsonObject(); o.add(key, (JsonElement) null); return o; }
JsonObject newWithMapValueDefault(JsonElement element) { JsonObject o = new JsonObject(); o.add(null, element); return o; }
Object source() { return null; }
@@ -232,51 +232,58 @@ public class Test {
sink(out); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
// "com.google.gson;JsonArray;true;add;(Boolean);;Argument[0];Argument[this].Element;taint;manual"
JsonArray out = null;
Boolean in = (Boolean)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
sink(getElement(out)); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
// "com.google.gson;JsonArray;true;add;(Character);;Argument[0];Argument[this].Element;taint;manual"
JsonArray out = null;
Character in = (Character)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
sink(getElement(out)); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
// "com.google.gson;JsonArray;true;add;(JsonElement);;Argument[0];Argument[this].Element;value;manual"
JsonArray out = null;
JsonElement in = (JsonElement)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
// "com.google.gson;JsonArray;true;add;(Number);;Argument[0];Argument[this].Element;taint;manual"
JsonArray out = null;
Number in = (Number)source();
out.add(in);
sink(getElement(out)); // $ hasValueFlow
sink(getElement(out)); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;add;;;Argument[0];Argument[this].Element;value;manual"
// "com.google.gson;JsonArray;true;add;(String);;Argument[0];Argument[this].Element;taint;manual"
JsonArray out = null;
String in = (String)source();
out.add(in);
sink(getElement(out)); // $ hasTaintFlow
}
{
// "com.google.gson;JsonArray;true;addAll;(JsonArray);;Argument[0].Element;Argument[this].Element;value;manual"
JsonArray out = null;
JsonArray in = newWithElementDefault((JsonElement) source());
out.addAll(in);
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;asList;;;Argument[this].Element;ReturnValue.Element;value;manual"
List out = null;
JsonArray in = (JsonArray)newWithElementDefault((String) source());
JsonArray in = newWithElementDefault((JsonElement) source());
out = in.asList();
sink(getElement(out)); // $ hasValueFlow
}
{
// "com.google.gson;JsonArray;true;get;;;Argument[this].Element;ReturnValue;value;manual"
JsonElement out = null;
JsonArray in = (JsonArray)newWithElementDefault((String) source());
JsonArray in = newWithElementDefault((JsonElement) source());
out = in.get(0);
sink(out); // $ hasValueFlow
}