mirror of
https://github.com/github/codeql.git
synced 2026-02-27 12:23:41 +01:00
Java: adjust wrapped constructor calls
This commit is contained in:
@@ -243,28 +243,28 @@ private predicate summaryModelCsv(string row) {
|
||||
"org.apache.commons.io;IOUtils;false;writeLines;;;Argument[0];Argument[2];taint",
|
||||
"org.apache.commons.io;IOUtils;false;writeLines;;;Argument[1];Argument[2];taint",
|
||||
// constructor flow
|
||||
"java.io;File;false;File;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;File;false;File;;;Argument[1];ReturnValue;taint",
|
||||
"java.net;URI;false;URI;(String);;Argument[0];ReturnValue;taint",
|
||||
"javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];ReturnValue;taint",
|
||||
"javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];ReturnValue;taint",
|
||||
"javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];ReturnValue;taint",
|
||||
"org.xml.sax;InputSource;false;InputSource;;;Argument[0];ReturnValue;taint",
|
||||
"javax.servlet.http;Cookie;false;Cookie;;;Argument[0];ReturnValue;taint",
|
||||
"javax.servlet.http;Cookie;false;Cookie;;;Argument[1];ReturnValue;taint",
|
||||
"java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];ReturnValue;taint",
|
||||
"java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];ReturnValue;taint",
|
||||
"com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;DataInputStream;false;DataInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;StringReader;false;StringReader;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;BufferedReader;false;BufferedReader;;;Argument[0];ReturnValue;taint",
|
||||
"java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];ReturnValue;taint"
|
||||
"java.io;File;false;File;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;File;false;File;;;Argument[1];Argument[-1];taint",
|
||||
"java.net;URI;false;URI;(String);;Argument[0];Argument[-1];taint",
|
||||
"javax.xml.transform.stream;StreamSource;false;StreamSource;;;Argument[0];Argument[-1];taint",
|
||||
"javax.xml.transform.sax;SAXSource;false;SAXSource;(InputSource);;Argument[0];Argument[-1];taint",
|
||||
"javax.xml.transform.sax;SAXSource;false;SAXSource;(XMLReader,InputSource);;Argument[1];Argument[-1];taint",
|
||||
"org.xml.sax;InputSource;false;InputSource;;;Argument[0];Argument[-1];taint",
|
||||
"javax.servlet.http;Cookie;false;Cookie;;;Argument[0];Argument[-1];taint",
|
||||
"javax.servlet.http;Cookie;false;Cookie;;;Argument[1];Argument[-1];taint",
|
||||
"java.util.zip;ZipInputStream;false;ZipInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.util.zip;GZIPInputStream;false;GZIPInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.util;StringTokenizer;false;StringTokenizer;;;Argument[0];Argument[-1];taint",
|
||||
"java.beans;XMLDecoder;false;XMLDecoder;;;Argument[0];Argument[-1];taint",
|
||||
"com.esotericsoftware.kryo.io;Input;false;Input;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;BufferedInputStream;false;BufferedInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;DataInputStream;false;DataInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;ByteArrayInputStream;false;ByteArrayInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;ObjectInputStream;false;ObjectInputStream;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;StringReader;false;StringReader;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;CharArrayReader;false;CharArrayReader;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;BufferedReader;false;BufferedReader;;;Argument[0];Argument[-1];taint",
|
||||
"java.io;InputStreamReader;false;InputStreamReader;;;Argument[0];Argument[-1];taint"
|
||||
]
|
||||
}
|
||||
|
||||
@@ -697,15 +697,3 @@ predicate summaryStep(Node node1, Node node2, string kind) {
|
||||
interpretOutput(output, 0, ref, TNode(node2))
|
||||
)
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if `node1` to `node2` is specified as a flow step with the given kind, input and output
|
||||
* in a CSV flow model.
|
||||
*/
|
||||
predicate summaryStep(Node node1, Node node2, string kind, string input, string output) {
|
||||
exists(Top ref |
|
||||
summaryElementRef(ref, input, output, kind) and
|
||||
interpretInput(input, 0, ref, TNode(node1)) and
|
||||
interpretOutput(output, 0, ref, TNode(node2))
|
||||
)
|
||||
}
|
||||
|
||||
@@ -166,9 +166,6 @@ private predicate inputStreamWrapper(Constructor c, int argi) {
|
||||
/** An object construction that preserves the data flow status of any of its arguments. */
|
||||
private predicate constructorStep(Expr tracked, ConstructorCall sink) {
|
||||
exists(int argi | sink.getArgument(argi) = tracked |
|
||||
summaryStep(any(DataFlow::Node n | n.asExpr() = tracked),
|
||||
any(DataFlow::Node n | n.asExpr() = sink), "taint", "Argument(" + argi + ")", "ReturnValue")
|
||||
or
|
||||
// wrappers constructed by extension
|
||||
exists(Constructor c, Parameter p, SuperConstructorInvocationStmt sup |
|
||||
c = sink.getConstructor() and
|
||||
|
||||
Reference in New Issue
Block a user