Apply code review suggestions.

2025-12-17 01:03:14 +01:00 · 2024-05-28 17:17:53 +02:00
parent f84c2a842d
commit f16dd8c010
3 changed files with 13 additions and 1 deletions
--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -3,6 +3,7 @@ extensions:
      pack: codeql/java-all
      extensible: sinkModel
    data:
+      - ["java.io", "File", True, "canExecute", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "canRead", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "canWrite", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "createNewFile", "()", "", "Argument[this]", "path-injection", "ai-manual"]
@@ -10,6 +11,9 @@ extensions:
      - ["java.io", "File", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "deleteOnExit", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isDirectory", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isFile", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isHidden", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "mkdir", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "mkdirs", "()", "", "Argument[this]", "path-injection", "manual"]
      - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
--- a/java/ql/src/change-notes/2024-05-27-path-injection-file-sinks.md
+++ b/java/ql/src/change-notes/2024-05-27-path-injection-file-sinks.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Added more `File`-related sinks to the path injection query.
+* Added more `java.io.File`-related sinks to the path injection query.
--- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java
+++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java
@@ -37,6 +37,8 @@ public class Test {
        getClass().getResource((String) source()); // $ hasTaintFlow
        // "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
        ClassLoader.getSystemResourceAsStream((String) source()); // $ hasTaintFlow
+        // "java.io;File;True;canExecute;();;Argument[this];path-injection;manual"
+        ((File) source()).canExecute(); // $ hasTaintFlow
        // "java.io;File;True;canRead;();;Argument[this];path-injection;manual"
        ((File) source()).canRead(); // $ hasTaintFlow
        // "java.io;File;True;canWrite;();;Argument[this];path-injection;manual"
@@ -51,6 +53,12 @@ public class Test {
        ((File) source()).deleteOnExit(); // $ hasTaintFlow
        // "java.io;File;True;exists;();;Argument[this];path-injection;manual"
        ((File) source()).exists(); // $ hasTaintFlow
+        // "java.io:File;True;isDirectory;();;Argument[this];path-injection;manual"
+        ((File) source()).isDirectory(); // $ hasTaintFlow
+        // "java.io:File;True;isFile;();;Argument[this];path-injection;manual"
+        ((File) source()).isFile(); // $ hasTaintFlow
+        // "java.io:File;True;isHidden;();;Argument[this];path-injection;manual"
+        ((File) source()).isHidden(); // $ hasTaintFlow
        // "java.io;File;True;mkdir;();;Argument[this];path-injection;manual"
        ((File) source()).mkdir(); // $ hasTaintFlow
        // "java.io;File;True;mkdirs;();;Argument[this];path-injection;manual"