Add sinks for URL Open Stream query

java/ql/src/experimental/Security/CWE/CWE-036/OpenStream.ql

@@ -8,6 +8,7 @@
 import java
 import semmle.code.java.dataflow.TaintTracking
 import semmle.code.java.dataflow.FlowSources
+import semmle.code.java.dataflow.ExternalFlow
 import DataFlow::PathGraph
 
 class URLConstructor extends ClassInstanceExpr {
@@ -21,6 +22,13 @@ class URLConstructor extends ClassInstanceExpr {
   }
 }
 
+class URLOpenStreamCsv extends SinkModelCsv {
+  override predicate row(string row) {
+    //"package;type;overrides;name;signature;ext;inputspec;kind",
+    row = "java.net;URL;true;openStream;();;Argument[-1];url-open-stream"
+  }
+}
+
 class URLOpenStreamMethod extends Method {
   URLOpenStreamMethod() {
     this.getDeclaringType() instanceof TypeUrl and
@@ -33,11 +41,7 @@ class RemoteURLToOpenStreamFlowConfig extends TaintTracking::Configuration {
 
   override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess m |
-      sink.asExpr() = m.getQualifier() and m.getMethod() instanceof URLOpenStreamMethod
-    )
-  }
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "url-open-stream") }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
     exists(URLConstructor u |

java/ql/src/semmle/code/java/frameworks/guava/IO.qll

@@ -80,3 +80,19 @@ private class GuavaIoCsv extends SummaryModelCsv {
       ]
   }
 }
+
+private class GuavaIoSinkCsv extends SinkModelCsv {
+  override predicate row(string row) {
+    row =
+      [
+        //"package;type;overrides;name;signature;ext;inputspec;kind",
+        "com.google.common.io;Resources;false;asByteSource;(URL);;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;asCharSource;(URL,Charset);;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;copy;(URL,OutputStream);;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;asByteSource;(URL);;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;readLines;;;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;toByteArray;(URL);;Argument[0];url-open-stream",
+        "com.google.common.io;Resources;false;toString;(URL,Charset);;Argument[0];url-open-stream"
+      ]
+  }
+}