Apply code review suggestions.

Tony Torralba
2024-05-28 17:17:53 +02:00
parent f84c2a842d
commit f16dd8c010
3 changed files with 13 additions and 1 deletions


@@ -3,6 +3,7 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["java.io", "File", True, "canExecute", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "canRead", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "canWrite", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "createNewFile", "()", "", "Argument[this]", "path-injection", "ai-manual"]
@@ -10,6 +11,9 @@ extensions:
- ["java.io", "File", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "deleteOnExit", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "isDirectory", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "isFile", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "isHidden", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "mkdir", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "mkdirs", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
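Review bot: The rows for `canExecute`, `isDirectory`, `isFile` and `isHidden` (which appear to be the ones added here) mark boolean metadata probes as `path-injection` sinks without saying why, so a triager who gets an alert on `isFile()` may dismiss it as harmless. These calls neither read nor write file content; the exposure is that a tainted path lets a caller learn whether a file exists and what kind it is. A YAML comment above the group would record that, for example `# Metadata probes: a tainted path here discloses file existence/attributes even though no content is read.` Whether the rest of the data list already carries such comments is not visible from these hunks.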


@@ -1,4 +1,4 @@
---
category: minorAnalysis
---
* Added more `File`-related sinks to the path injection query.
* Added more `java.io.File`-related sinks to the path injection query.


@@ -37,6 +37,8 @@ public class Test {
getClass().getResource((String) source()); // $ hasTaintFlow
// "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
ClassLoader.getSystemResourceAsStream((String) source()); // $ hasTaintFlow
// "java.io;File;True;canExecute;();;Argument[this];path-injection;manual"
((File) source()).canExecute(); // $ hasTaintFlow
// "java.io;File;True;canRead;();;Argument[this];path-injection;manual"
((File) source()).canRead(); // $ hasTaintFlow
// "java.io;File;True;canWrite;();;Argument[this];path-injection;manual"
@@ -51,6 +53,12 @@ public class Test {
((File) source()).deleteOnExit(); // $ hasTaintFlow
// "java.io;File;True;exists;();;Argument[this];path-injection;manual"
((File) source()).exists(); // $ hasTaintFlow
// "java.io:File;True;isDirectory;();;Argument[this];path-injection;manual"
((File) source()).isDirectory(); // $ hasTaintFlow
// "java.io:File;True;isFile;();;Argument[this];path-injection;manual"
((File) source()).isFile(); // $ hasTaintFlow
// "java.io:File;True;isHidden;();;Argument[this];path-injection;manual"
((File) source()).isHidden(); // $ hasTaintFlow
// "java.io;File;True;mkdir;();;Argument[this];path-injection;manual"
((File) source()).mkdir(); // $ hasTaintFlow
// "java.io;File;True;mkdirs;();;Argument[this];path-injection;manual"
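Review bot: The comments above the `isDirectory()`, `isFile()` and `isHidden()` calls in the second hunk write the model row as `java.io:File` with a colon, while every other comment in view uses `java.io;File`. The comments are not executed, but anyone searching the test for a model row in its semicolon-separated form will miss these three, which makes it harder to confirm that each sink has coverage. Change them to `// "java.io;File;True;isDirectory;();;Argument[this];path-injection;manual"` and likewise for `isFile` and `isHidden`. The enclosing method starts and ends outside both hunks.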