From ced7a33419c2b05baa044d511633ca87c338a540 Mon Sep 17 00:00:00 2001 From: tiferet Date: Tue, 28 Feb 2023 16:59:52 -0800 Subject: [PATCH] Add a negative characteristic that indicates that an endpoint was manually modeled as a neutral model. --- .../EndpointCharacteristics.qll | 22 +++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll index 895c7369bf4..8c36374b1f6 100644 --- a/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll +++ b/java/ql/experimental/adaptivethreatmodeling/lib/experimental/adaptivethreatmodeling/EndpointCharacteristics.qll @@ -576,3 +576,25 @@ private class TestFileCharacteristic extends LikelyNotASinkCharacteristic { file.getAbsolutePath().matches("%/guava-testlib/%") } } + +/** + * A negative characteristic that indicates that an endpoint was manually modeled as a neutral model. + * + * TODO: It may be possible to turn this into a NotASinkCharacteristic, pending answers to the definition of a neutral + * model (https://github.com/github/codeql-java-team/issues/254#issuecomment-1435309148). + */ +private class NeutralModelCharacteristic extends LikelyNotASinkCharacteristic { + NeutralModelCharacteristic() { this = "neutral model" } + + override predicate appliesToEndpoint(DataFlow::Node n) { + exists(Callable callee, Call call, string package, string type, string name, string signature | + n.asExpr() = call.getAnArgument() and + callee = call.getCallee() and + package = callee.getDeclaringType().getPackage().getName() and + type = callee.getDeclaringType().getName() and //TODO: Will this work for inner classes? Will it produce X$Y? What about lambdas? What about enums? What about interfaces? What about annotations? + name = callee.getName() and // TODO: Will this work for constructors? + signature = paramsString(callee) and // TODO: Why are brackets being escaped (`\[\]` vs `[]`)? + neutralModel(package, type, name, signature, "manual") + ) + } +}