mirror of
https://github.com/github/codeql.git
synced 2026-04-25 08:45:14 +02:00
Merge pull request #12931 from michaelnebel/neutralkinds
Java/C#: Introduce kind for neutrals.
This commit is contained in:
Michael Nebel
@@ -0,0 +1,4 @@
|
||||
---
|
||||
category: minorAnalysis
|
||||
---
|
||||
* Updated the `neutralModel` extensible predicate to include a `kind` column.
|
||||
File diff suppressed because it is too large
Load Diff
File diff suppressed because it is too large
Load Diff
@@ -13,4 +13,4 @@ extensions:
|
||||
data:
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.awt", "Insets", "Insets", "(int,int,int,int)", "manual"] # value-numeric
|
||||
- ["java.awt", "Insets", "Insets", "(int,int,int,int)", "summary", "manual"] # value-numeric
|
||||
|
||||
@@ -100,20 +100,20 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.io", "Closeable", "close", "()", "manual"]
|
||||
- ["java.io", "DataOutput", "writeBoolean", "(boolean)", "manual"]
|
||||
- ["java.io", "File", "delete", "()", "manual"]
|
||||
- ["java.io", "File", "exists", "()", "manual"]
|
||||
- ["java.io", "File", "isFile", "()", "manual"]
|
||||
- ["java.io", "File", "length", "()", "manual"]
|
||||
- ["java.io", "File", "isDirectory", "()", "manual"]
|
||||
- ["java.io", "File", "mkdirs", "()", "manual"]
|
||||
- ["java.io", "FileInputStream", "FileInputStream", "(File)", "manual"]
|
||||
- ["java.io", "InputStream", "close", "()", "manual"]
|
||||
- ["java.io", "OutputStream", "flush", "()", "manual"]
|
||||
- ["java.io", "Closeable", "close", "()", "summary", "manual"]
|
||||
- ["java.io", "DataOutput", "writeBoolean", "(boolean)", "summary", "manual"]
|
||||
- ["java.io", "File", "delete", "()", "summary", "manual"]
|
||||
- ["java.io", "File", "exists", "()", "summary", "manual"]
|
||||
- ["java.io", "File", "isFile", "()", "summary", "manual"]
|
||||
- ["java.io", "File", "length", "()", "summary", "manual"]
|
||||
- ["java.io", "File", "isDirectory", "()", "summary", "manual"]
|
||||
- ["java.io", "File", "mkdirs", "()", "summary", "manual"]
|
||||
- ["java.io", "FileInputStream", "FileInputStream", "(File)", "summary", "manual"]
|
||||
- ["java.io", "InputStream", "close", "()", "summary", "manual"]
|
||||
- ["java.io", "OutputStream", "flush", "()", "summary", "manual"]
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.io", "DataInput", "readInt", "()", "manual"] # taint-numeric
|
||||
- ["java.io", "DataInput", "readLong", "()", "manual"] # taint-numeric
|
||||
- ["java.io", "DataOutput", "writeInt", "(int)", "manual"] # taint-numeric
|
||||
- ["java.io", "DataOutput", "writeLong", "(long)", "manual"] # taint-numeric
|
||||
- ["java.io", "DataInput", "readInt", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.io", "DataInput", "readLong", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.io", "DataOutput", "writeInt", "(int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.lang.invoke", "MethodHandles", "lookup", "()", "manual"]
|
||||
- ["java.lang.invoke", "MethodHandles", "lookup", "()", "summary", "manual"]
|
||||
|
||||
@@ -138,89 +138,89 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.lang", "AbstractStringBuilder", "length", "()", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setCharAt", "(int,char)", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setLength", "(int)", "manual"]
|
||||
- ["java.lang", "Boolean", "booleanValue", "()", "manual"]
|
||||
- ["java.lang", "Boolean", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Boolean", "parseBoolean", "(String)", "manual"]
|
||||
- ["java.lang", "Boolean", "valueOf", "(boolean)", "manual"]
|
||||
- ["java.lang", "CharSequence", "length", "()", "manual"]
|
||||
- ["java.lang", "Class", "forName", "(String)", "manual"]
|
||||
- ["java.lang", "Class", "getCanonicalName", "()", "manual"]
|
||||
- ["java.lang", "Class", "getClassLoader", "()", "manual"]
|
||||
- ["java.lang", "Class", "getDeclaredConstructor", "(Class[])", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getDeclaredField", "(String)", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getMethod", "(String,Class[])", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getName", "()", "manual"]
|
||||
- ["java.lang", "Class", "getResource", "(String)", "manual"]
|
||||
- ["java.lang", "Class", "getResourceAsStream", "(String)", "manual"]
|
||||
- ["java.lang", "Class", "getSimpleName", "()", "manual"]
|
||||
- ["java.lang", "Class", "isAssignableFrom", "(Class)", "manual"]
|
||||
- ["java.lang", "Class", "isInstance", "(Object)", "manual"]
|
||||
- ["java.lang", "Class", "toString", "()", "manual"]
|
||||
- ["java.lang", "ClassLoader", "getResource", "(String)", "manual"]
|
||||
- ["java.lang", "ClassLoader", "getResourceAsStream", "(String)", "manual"]
|
||||
- ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
|
||||
- ["java.lang", "Enum", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Enum", "hashCode", "()", "manual"]
|
||||
- ["java.lang", "Enum", "name", "()", "manual"]
|
||||
- ["java.lang", "Enum", "ordinal", "()", "manual"]
|
||||
- ["java.lang", "Enum", "toString", "()", "manual"]
|
||||
- ["java.lang", "Integer", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Long", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Object", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "Object", "getClass", "()", "manual"]
|
||||
- ["java.lang", "Object", "hashCode", "()", "manual"]
|
||||
- ["java.lang", "Object", "toString", "()", "manual"]
|
||||
- ["java.lang", "Runnable", "run", "()", "manual"]
|
||||
- ["java.lang", "Runtime", "getRuntime", "()", "manual"]
|
||||
- ["java.lang", "String", "compareTo", "(String)", "manual"]
|
||||
- ["java.lang", "String", "contains", "(CharSequence)", "manual"]
|
||||
- ["java.lang", "String", "endsWith", "(String)", "manual"]
|
||||
- ["java.lang", "String", "equals", "(Object)", "manual"]
|
||||
- ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
|
||||
- ["java.lang", "String", "hashCode", "()", "manual"]
|
||||
- ["java.lang", "String", "indexOf", "(int)", "manual"]
|
||||
- ["java.lang", "String", "indexOf", "(String)", "manual"]
|
||||
- ["java.lang", "String", "isEmpty", "()", "manual"]
|
||||
- ["java.lang", "String", "lastIndexOf", "(int)", "manual"]
|
||||
- ["java.lang", "String", "lastIndexOf", "(String)", "manual"]
|
||||
- ["java.lang", "String", "length", "()", "manual"]
|
||||
- ["java.lang", "String", "startsWith", "(String)", "manual"]
|
||||
- ["java.lang", "String", "valueOf", "(boolean)", "manual"]
|
||||
- ["java.lang", "System", "currentTimeMillis", "()", "manual"]
|
||||
- ["java.lang", "System", "exit", "(int)", "manual"]
|
||||
- ["java.lang", "System", "getenv", "(String)", "manual"]
|
||||
- ["java.lang", "System", "identityHashCode", "(Object)", "manual"]
|
||||
- ["java.lang", "System", "lineSeparator", "()", "manual"]
|
||||
- ["java.lang", "System", "nanoTime", "()", "manual"]
|
||||
- ["java.lang", "Thread", "currentThread", "()", "manual"]
|
||||
- ["java.lang", "Thread", "getContextClassLoader", "()", "manual"]
|
||||
- ["java.lang", "Thread", "interrupt", "()", "manual"]
|
||||
- ["java.lang", "Thread", "sleep", "(long)", "manual"]
|
||||
- ["java.lang", "Thread", "start", "()", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "length", "()", "summary", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setCharAt", "(int,char)", "summary", "manual"]
|
||||
- ["java.lang", "AbstractStringBuilder", "setLength", "(int)", "summary", "manual"]
|
||||
- ["java.lang", "Boolean", "booleanValue", "()", "summary", "manual"]
|
||||
- ["java.lang", "Boolean", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Boolean", "parseBoolean", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "Boolean", "valueOf", "(boolean)", "summary", "manual"]
|
||||
- ["java.lang", "CharSequence", "length", "()", "summary", "manual"]
|
||||
- ["java.lang", "Class", "forName", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getCanonicalName", "()", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getClassLoader", "()", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getDeclaredConstructor", "(Class[])", "summary", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getDeclaredField", "(String)", "summary", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getMethod", "(String,Class[])", "summary", "manual"] # This model may be changed to a taint step for an unsafe reflection query in the future.
|
||||
- ["java.lang", "Class", "getName", "()", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getResource", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getResourceAsStream", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "Class", "getSimpleName", "()", "summary", "manual"]
|
||||
- ["java.lang", "Class", "isAssignableFrom", "(Class)", "summary", "manual"]
|
||||
- ["java.lang", "Class", "isInstance", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Class", "toString", "()", "summary", "manual"]
|
||||
- ["java.lang", "ClassLoader", "getResource", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "ClassLoader", "getResourceAsStream", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "Enum", "(String,int)", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "hashCode", "()", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "name", "()", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "ordinal", "()", "summary", "manual"]
|
||||
- ["java.lang", "Enum", "toString", "()", "summary", "manual"]
|
||||
- ["java.lang", "Integer", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Long", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Object", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "Object", "getClass", "()", "summary", "manual"]
|
||||
- ["java.lang", "Object", "hashCode", "()", "summary", "manual"]
|
||||
- ["java.lang", "Object", "toString", "()", "summary", "manual"]
|
||||
- ["java.lang", "Runnable", "run", "()", "summary", "manual"]
|
||||
- ["java.lang", "Runtime", "getRuntime", "()", "summary", "manual"]
|
||||
- ["java.lang", "String", "compareTo", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "contains", "(CharSequence)", "summary", "manual"]
|
||||
- ["java.lang", "String", "endsWith", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "String", "equalsIgnoreCase", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "hashCode", "()", "summary", "manual"]
|
||||
- ["java.lang", "String", "indexOf", "(int)", "summary", "manual"]
|
||||
- ["java.lang", "String", "indexOf", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.lang", "String", "lastIndexOf", "(int)", "summary", "manual"]
|
||||
- ["java.lang", "String", "lastIndexOf", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "length", "()", "summary", "manual"]
|
||||
- ["java.lang", "String", "startsWith", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "String", "valueOf", "(boolean)", "summary", "manual"]
|
||||
- ["java.lang", "System", "currentTimeMillis", "()", "summary", "manual"]
|
||||
- ["java.lang", "System", "exit", "(int)", "summary", "manual"]
|
||||
- ["java.lang", "System", "getenv", "(String)", "summary", "manual"]
|
||||
- ["java.lang", "System", "identityHashCode", "(Object)", "summary", "manual"]
|
||||
- ["java.lang", "System", "lineSeparator", "()", "summary", "manual"]
|
||||
- ["java.lang", "System", "nanoTime", "()", "summary", "manual"]
|
||||
- ["java.lang", "Thread", "currentThread", "()", "summary", "manual"]
|
||||
- ["java.lang", "Thread", "getContextClassLoader", "()", "summary", "manual"]
|
||||
- ["java.lang", "Thread", "interrupt", "()", "summary", "manual"]
|
||||
- ["java.lang", "Thread", "sleep", "(long)", "summary", "manual"]
|
||||
- ["java.lang", "Thread", "start", "()", "summary", "manual"]
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.lang", "Double", "doubleToLongBits", "(double)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "parseDouble", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "valueOf", "(double)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "Integer", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "parseInt", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toHexString", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toString", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "Long", "(long)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "longValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "parseLong", "(String)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "toString", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.lang", "Math", "max", "", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "min", "", "manual"] # value-numeric
|
||||
- ["java.lang", "Number", "doubleValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "longValue", "()", "manual"] # taint-numeric
|
||||
- ["java.lang", "String", "valueOf", "(int)", "manual"] # taint-numeric
|
||||
- ["java.lang", "String", "valueOf", "(long)", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "doubleToLongBits", "(double)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "parseDouble", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Double", "valueOf", "(double)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "Integer", "(int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "intValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "parseInt", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toHexString", "(int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "toString", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Integer", "valueOf", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "Long", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "intValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "longValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "parseLong", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "toString", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Long", "valueOf", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Math", "max", "", "summary", "manual"] # value-numeric
|
||||
- ["java.lang", "Math", "min", "", "summary", "manual"] # value-numeric
|
||||
- ["java.lang", "Number", "doubleValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "intValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "Number", "longValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "String", "valueOf", "(int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.lang", "String", "valueOf", "(long)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -4,7 +4,7 @@ extensions:
|
||||
extensible: neutralModel
|
||||
data:
|
||||
# The below models may be changed to taint steps for an unsafe reflection query in the future.
|
||||
- ["java.lang.reflect", "Constructor", "newInstance", "(Object[])", "manual"]
|
||||
- ["java.lang.reflect", "Field", "get", "(Object)", "manual"]
|
||||
- ["java.lang.reflect", "Method", "getName", "()", "manual"]
|
||||
- ["java.lang.reflect", "Method", "invoke", "(Object,Object[])", "manual"]
|
||||
- ["java.lang.reflect", "Constructor", "newInstance", "(Object[])", "summary", "manual"]
|
||||
- ["java.lang.reflect", "Field", "get", "(Object)", "summary", "manual"]
|
||||
- ["java.lang.reflect", "Method", "getName", "()", "summary", "manual"]
|
||||
- ["java.lang.reflect", "Method", "invoke", "(Object,Object[])", "summary", "manual"]
|
||||
|
||||
@@ -3,20 +3,20 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.math", "BigDecimal", "compareTo", "(BigDecimal)", "manual"]
|
||||
- ["java.math", "BigDecimal", "compareTo", "(BigDecimal)", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.math", "BigDecimal", "BigDecimal", "", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "add", "(BigDecimal)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "doubleValue", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "intValue", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "multiply", "(BigDecimal)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "setScale", "(int,RoundingMode)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "subtract", "(BigDecimal)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toBigInteger", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toString", "()", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "valueOf", "", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "BigInteger", "(String)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "or", "(BigInteger)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "valueOf", "(long)", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "BigDecimal", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "add", "(BigDecimal)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "doubleValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "intValue", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "multiply", "(BigDecimal)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "setScale", "(int,RoundingMode)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "subtract", "(BigDecimal)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toBigInteger", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "toString", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigDecimal", "valueOf", "", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "BigInteger", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "or", "(BigInteger)", "summary", "manual"] # taint-numeric
|
||||
- ["java.math", "BigInteger", "valueOf", "(long)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.nio.charset", "Charset", "name", "()", "manual"]
|
||||
- ["java.nio.charset", "Charset", "name", "()", "summary", "manual"]
|
||||
|
||||
@@ -79,4 +79,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "manual"]
|
||||
- ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"]
|
||||
|
||||
@@ -11,6 +11,6 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.nio", "Buffer", "position", "()", "manual"]
|
||||
- ["java.nio", "Buffer", "remaining", "()", "manual"]
|
||||
- ["java.nio", "ByteBuffer", "allocate", "(int)", "manual"]
|
||||
- ["java.nio", "Buffer", "position", "()", "summary", "manual"]
|
||||
- ["java.nio", "Buffer", "remaining", "()", "summary", "manual"]
|
||||
- ["java.nio", "ByteBuffer", "allocate", "(int)", "summary", "manual"]
|
||||
|
||||
@@ -28,20 +28,20 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.sql", "Connection", "createStatement", "()", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeUpdate", "()", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeQuery", "()", "manual"]
|
||||
- ["java.sql", "ResultSet", "next", "()", "manual"]
|
||||
- ["java.sql", "Statement", "close", "()", "manual"]
|
||||
- ["java.sql", "Connection", "createStatement", "()", "summary", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeUpdate", "()", "summary", "manual"]
|
||||
- ["java.sql", "PreparedStatement", "executeQuery", "()", "summary", "manual"]
|
||||
- ["java.sql", "ResultSet", "next", "()", "summary", "manual"]
|
||||
- ["java.sql", "Statement", "close", "()", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "manual"] # value-numeric
|
||||
- ["java.sql", "PreparedStatement", "setLong", "(int,long)", "manual"] # value-numeric
|
||||
- ["java.sql", "ResultSet", "getInt", "(int)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric, potentially interesting for second order SQL injection
|
||||
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "Timestamp", "(long)", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "getTime", "()", "manual"] # taint-numeric
|
||||
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "summary", "manual"] # value-numeric
|
||||
- ["java.sql", "PreparedStatement", "setLong", "(int,long)", "summary", "manual"] # value-numeric
|
||||
- ["java.sql", "ResultSet", "getInt", "(int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getInt", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getLong", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.sql", "ResultSet", "getString", "(int)", "summary", "manual"] # taint-numeric, potentially interesting for second order SQL injection
|
||||
- ["java.sql", "ResultSet", "getTimestamp", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "Timestamp", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.sql", "Timestamp", "getTime", "()", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -5,6 +5,6 @@ extensions:
|
||||
data:
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.text", "DateFormat", "format", "(Date)", "manual"] # taint-numeric
|
||||
- ["java.text", "DateFormat", "parse", "(String)", "manual"] # taint-numeric
|
||||
- ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"] # taint-numeric
|
||||
- ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"] # taint-numeric
|
||||
- ["java.text", "DateFormat", "parse", "(String)", "summary", "manual"] # taint-numeric
|
||||
- ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -3,4 +3,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.time.chrono", "ChronoZonedDateTime", "toInstant", "()", "manual"]
|
||||
- ["java.time.chrono", "ChronoZonedDateTime", "toInstant", "()", "summary", "manual"]
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.time.format", "DateTimeFormatter", "format", "(TemporalAccessor)", "manual"]
|
||||
- ["java.time.format", "DateTimeFormatter", "ofPattern", "(String)", "manual"]
|
||||
- ["java.time.format", "DateTimeFormatter", "format", "(TemporalAccessor)", "summary", "manual"]
|
||||
- ["java.time.format", "DateTimeFormatter", "ofPattern", "(String)", "summary", "manual"]
|
||||
|
||||
@@ -3,23 +3,23 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.time", "Instant", "now", "()", "manual"]
|
||||
- ["java.time", "LocalDate", "now", "()", "manual"]
|
||||
- ["java.time", "LocalDateTime", "now", "()", "manual"]
|
||||
- ["java.time", "ZonedDateTime", "now", "()", "manual"]
|
||||
- ["java.time", "ZoneId", "of", "(String)", "manual"]
|
||||
- ["java.time", "ZoneId", "systemDefault", "()", "manual"]
|
||||
- ["java.time", "Instant", "now", "()", "summary", "manual"]
|
||||
- ["java.time", "LocalDate", "now", "()", "summary", "manual"]
|
||||
- ["java.time", "LocalDateTime", "now", "()", "summary", "manual"]
|
||||
- ["java.time", "ZonedDateTime", "now", "()", "summary", "manual"]
|
||||
- ["java.time", "ZoneId", "of", "(String)", "summary", "manual"]
|
||||
- ["java.time", "ZoneId", "systemDefault", "()", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.time", "Duration", "ofMillis", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofMinutes", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofSeconds", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "toMillis", "()", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "ofEpochMilli", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "parse", "(CharSequence)", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "toEpochMilli", "()", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "plusDays", "(long)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "of", "(int,int,int)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "parse", "(CharSequence)", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDateTime", "of", "(int,int,int,int,int,int)", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofMillis", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofMinutes", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "ofSeconds", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Duration", "toMillis", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "ofEpochMilli", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "parse", "(CharSequence)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "Instant", "toEpochMilli", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "plusDays", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "of", "(int,int,int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDate", "parse", "(CharSequence)", "summary", "manual"] # taint-numeric
|
||||
- ["java.time", "LocalDateTime", "of", "(int,int,int,int,int,int)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -11,17 +11,17 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "AtomicBoolean", "(boolean)", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "compareAndSet", "(boolean,boolean)", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "get", "()", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "set", "(boolean)", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "AtomicBoolean", "(boolean)", "summary", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "compareAndSet", "(boolean,boolean)", "summary", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "get", "()", "summary", "manual"]
|
||||
- ["java.util.concurrent.atomic", "AtomicBoolean", "set", "(boolean)", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "AtomicInteger", "(int)", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "get", "()", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "incrementAndGet", "()", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "AtomicLong", "(long)", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "addAndGet", "(long)", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "get", "()", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "incrementAndGet", "()", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "AtomicInteger", "(int)", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "get", "()", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicInteger", "incrementAndGet", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "AtomicLong", "(long)", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "addAndGet", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "get", "()", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent.atomic", "AtomicLong", "incrementAndGet", "()", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -3,5 +3,5 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.concurrent.locks", "Lock", "lock", "()", "manual"]
|
||||
- ["java.util.concurrent.locks", "Lock", "unlock", "()", "manual"]
|
||||
- ["java.util.concurrent.locks", "Lock", "lock", "()", "summary", "manual"]
|
||||
- ["java.util.concurrent.locks", "Lock", "unlock", "()", "summary", "manual"]
|
||||
|
||||
@@ -32,15 +32,15 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.concurrent", "CompletableFuture", "completeExceptionally", "(Throwable)", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", "isDone", "()", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "await", "", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "countDown", "()", "manual"]
|
||||
- ["java.util.concurrent", "Executor", "execute", "(Runnable)", "manual"]
|
||||
- ["java.util.concurrent", "ExecutorService", "shutdown", "()", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", "completeExceptionally", "(Throwable)", "summary", "manual"]
|
||||
- ["java.util.concurrent", "CompletableFuture", "isDone", "()", "summary", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "await", "", "summary", "manual"]
|
||||
- ["java.util.concurrent", "CountDownLatch", "countDown", "()", "summary", "manual"]
|
||||
- ["java.util.concurrent", "Executor", "execute", "(Runnable)", "summary", "manual"]
|
||||
- ["java.util.concurrent", "ExecutorService", "shutdown", "()", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.util.concurrent", "CountDownLatch", "CountDownLatch", "(int)", "manual"] # value-numeric
|
||||
- ["java.util.concurrent", "CountDownLatch", "getCount", "()", "manual"] # value-numeric
|
||||
- ["java.util.concurrent", "TimeUnit", "toMillis", "(long)", "manual"] # taint-numeric
|
||||
- ["java.util.concurrent", "CountDownLatch", "CountDownLatch", "(int)", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent", "CountDownLatch", "getCount", "()", "summary", "manual"] # value-numeric
|
||||
- ["java.util.concurrent", "TimeUnit", "toMillis", "(long)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -9,4 +9,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.function", "Function", "identity", "()", "manual"]
|
||||
- ["java.util.function", "Function", "identity", "()", "summary", "manual"]
|
||||
|
||||
@@ -49,4 +49,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.logging", "Logger", "isLoggable", "(Level)", "manual"]
|
||||
- ["java.util.logging", "Logger", "isLoggable", "(Level)", "summary", "manual"]
|
||||
|
||||
@@ -371,75 +371,75 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util", "ArrayList", "ArrayList", "(int)", "manual"]
|
||||
- ["java.util", "ArrayList", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "ArrayList", "size", "()", "manual"]
|
||||
- ["java.util", "Arrays", "toString", "(Object[])", "manual"]
|
||||
- ["java.util", "Calendar", "getInstance", "()", "manual"]
|
||||
- ["java.util", "Collection", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "Collection", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Collection", "size", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptyList", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptyMap", "()", "manual"]
|
||||
- ["java.util", "Collections", "emptySet", "()", "manual"]
|
||||
- ["java.util", "Collections", "sort", "", "manual"]
|
||||
- ["java.util", "Enumeration", "hasMoreElements", "()", "manual"]
|
||||
- ["java.util", "HashMap", "containsKey", "(Object)", "manual"]
|
||||
- ["java.util", "HashMap", "HashMap", "(int)", "manual"]
|
||||
- ["java.util", "HashMap", "size", "()", "manual"]
|
||||
- ["java.util", "HashSet", "HashSet", "(int)", "manual"]
|
||||
- ["java.util", "Iterator", "hasNext", "()", "manual"]
|
||||
- ["java.util", "List", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "List", "equals", "(Object)", "manual"]
|
||||
- ["java.util", "List", "hashCode", "()", "manual"]
|
||||
- ["java.util", "List", "indexOf", "(Object)", "manual"]
|
||||
- ["java.util", "List", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "List", "of", "()", "manual"]
|
||||
- ["java.util", "List", "sort", "(Comparator)", "manual"]
|
||||
- ["java.util", "List", "size", "()", "manual"]
|
||||
- ["java.util", "Locale", "forLanguageTag", "(String)", "manual"]
|
||||
- ["java.util", "Map", "containsKey", "(Object)", "manual"]
|
||||
- ["java.util", "Map", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Map", "size", "()", "manual"]
|
||||
- ["java.util", "Objects", "equals", "(Object,Object)", "manual"]
|
||||
- ["java.util", "Objects", "hash", "(Object[])", "manual"]
|
||||
- ["java.util", "Objects", "hashCode", "(Object)", "manual"]
|
||||
- ["java.util", "Objects", "isNull", "(Object)", "manual"]
|
||||
- ["java.util", "Objects", "nonNull", "(Object)", "manual"]
|
||||
- ["java.util", "Optional", "empty", "()", "manual"]
|
||||
- ["java.util", "Optional", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Optional", "isPresent", "()", "manual"]
|
||||
- ["java.util", "Random", "nextInt", "(int)", "manual"]
|
||||
- ["java.util", "Set", "contains", "(Object)", "manual"]
|
||||
- ["java.util", "Set", "isEmpty", "()", "manual"]
|
||||
- ["java.util", "Set", "size", "()", "manual"]
|
||||
- ["java.util", "UUID", "equals", "(Object)", "manual"]
|
||||
- ["java.util", "UUID", "fromString", "(String)", "manual"]
|
||||
- ["java.util", "UUID", "randomUUID", "()", "manual"]
|
||||
- ["java.util", "UUID", "toString", "()", "manual"]
|
||||
- ["java.util", "TimeZone", "getTimeZone", "(String)", "manual"]
|
||||
- ["java.util", "Vector", "size", "()", "manual"]
|
||||
- ["java.util", "ArrayList", "ArrayList", "(int)", "summary", "manual"]
|
||||
- ["java.util", "ArrayList", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "ArrayList", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "Arrays", "toString", "(Object[])", "summary", "manual"]
|
||||
- ["java.util", "Calendar", "getInstance", "()", "summary", "manual"]
|
||||
- ["java.util", "Collection", "contains", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Collection", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "Collection", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "Collections", "emptyList", "()", "summary", "manual"]
|
||||
- ["java.util", "Collections", "emptyMap", "()", "summary", "manual"]
|
||||
- ["java.util", "Collections", "emptySet", "()", "summary", "manual"]
|
||||
- ["java.util", "Collections", "sort", "", "summary", "manual"]
|
||||
- ["java.util", "Enumeration", "hasMoreElements", "()", "summary", "manual"]
|
||||
- ["java.util", "HashMap", "containsKey", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "HashMap", "HashMap", "(int)", "summary", "manual"]
|
||||
- ["java.util", "HashMap", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "HashSet", "HashSet", "(int)", "summary", "manual"]
|
||||
- ["java.util", "Iterator", "hasNext", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "contains", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "List", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "List", "hashCode", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "indexOf", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "List", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "of", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "sort", "(Comparator)", "summary", "manual"]
|
||||
- ["java.util", "List", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "Locale", "forLanguageTag", "(String)", "summary", "manual"]
|
||||
- ["java.util", "Map", "containsKey", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Map", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "Map", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "Objects", "equals", "(Object,Object)", "summary", "manual"]
|
||||
- ["java.util", "Objects", "hash", "(Object[])", "summary", "manual"]
|
||||
- ["java.util", "Objects", "hashCode", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Objects", "isNull", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Objects", "nonNull", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Optional", "empty", "()", "summary", "manual"]
|
||||
- ["java.util", "Optional", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "Optional", "isPresent", "()", "summary", "manual"]
|
||||
- ["java.util", "Random", "nextInt", "(int)", "summary", "manual"]
|
||||
- ["java.util", "Set", "contains", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Set", "isEmpty", "()", "summary", "manual"]
|
||||
- ["java.util", "Set", "size", "()", "summary", "manual"]
|
||||
- ["java.util", "UUID", "equals", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "UUID", "fromString", "(String)", "summary", "manual"]
|
||||
- ["java.util", "UUID", "randomUUID", "()", "summary", "manual"]
|
||||
- ["java.util", "UUID", "toString", "()", "summary", "manual"]
|
||||
- ["java.util", "TimeZone", "getTimeZone", "(String)", "summary", "manual"]
|
||||
- ["java.util", "Vector", "size", "()", "summary", "manual"]
|
||||
|
||||
# The below APIs are currently being stored as neutral models since `WithoutElement` has not yet been implemented for Java.
|
||||
# When `WithoutElement` is implemented, these should be changed to summary models of the form `Argument[this].WithoutElement -> Argument[this]`.
|
||||
- ["java.util", "Collection", "removeIf", "(Predicate)", "manual"]
|
||||
- ["java.util", "Iterator", "remove", "()", "manual"]
|
||||
- ["java.util", "List", "clear", "()", "manual"]
|
||||
- ["java.util", "List", "remove", "(Object)", "manual"]
|
||||
- ["java.util", "Map", "clear", "()", "manual"]
|
||||
- ["java.util", "Set", "clear", "()", "manual"]
|
||||
- ["java.util", "Set", "remove", "(Object)", "manual"]
|
||||
- ["java.util", "Set", "removeAll", "(Collection)", "manual"]
|
||||
- ["java.util", "Collection", "removeIf", "(Predicate)", "summary", "manual"]
|
||||
- ["java.util", "Iterator", "remove", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "clear", "()", "summary", "manual"]
|
||||
- ["java.util", "List", "remove", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Map", "clear", "()", "summary", "manual"]
|
||||
- ["java.util", "Set", "clear", "()", "summary", "manual"]
|
||||
- ["java.util", "Set", "remove", "(Object)", "summary", "manual"]
|
||||
- ["java.util", "Set", "removeAll", "(Collection)", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.util", "Calendar", "add", "(int,int)", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "get", "(int)", "manual"] # value-numeric
|
||||
- ["java.util", "Calendar", "getTime", "()", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "getTimeInMillis", "()", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "set", "(int,int)", "manual"] # value-numeric
|
||||
- ["java.util", "Calendar", "setTime", "(Date)", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "Date", "(long)", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "getTime", "()", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "from", "(Instant)", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "toInstant", "()", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "add", "(int,int)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "get", "(int)", "summary", "manual"] # value-numeric
|
||||
- ["java.util", "Calendar", "getTime", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "getTimeInMillis", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Calendar", "set", "(int,int)", "summary", "manual"] # value-numeric
|
||||
- ["java.util", "Calendar", "setTime", "(Date)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "Date", "(long)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "getTime", "()", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "from", "(Instant)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util", "Date", "toInstant", "()", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -30,4 +30,4 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.regex", "Matcher", "find", "()", "manual"]
|
||||
- ["java.util.regex", "Matcher", "find", "()", "summary", "manual"]
|
||||
|
||||
@@ -92,11 +92,11 @@ extensions:
|
||||
pack: codeql/java-all
|
||||
extensible: neutralModel
|
||||
data:
|
||||
- ["java.util.stream", "Collectors", "toList", "()", "manual"]
|
||||
- ["java.util.stream", "Collectors", "toSet", "()", "manual"]
|
||||
- ["java.util.stream", "Stream", "count", "()", "manual"]
|
||||
- ["java.util.stream", "Collectors", "toList", "()", "summary", "manual"]
|
||||
- ["java.util.stream", "Collectors", "toSet", "()", "summary", "manual"]
|
||||
- ["java.util.stream", "Stream", "count", "()", "summary", "manual"]
|
||||
|
||||
# The below APIs have numeric flow and are currently being stored as neutral models.
|
||||
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
|
||||
- ["java.util.stream", "IntStream", "mapToObj", "(IntFunction)", "manual"] # taint-numeric
|
||||
- ["java.util.stream", "IntStream", "range", "(int,int)", "manual"] # taint-numeric
|
||||
- ["java.util.stream", "IntStream", "mapToObj", "(IntFunction)", "summary", "manual"] # taint-numeric
|
||||
- ["java.util.stream", "IntStream", "range", "(int,int)", "summary", "manual"] # taint-numeric
|
||||
|
||||
@@ -12,8 +12,8 @@
|
||||
* - Summaries:
|
||||
* `package; type; subtypes; name; signature; ext; input; output; kind; provenance`
|
||||
* - Neutrals:
|
||||
* `package; type; name; signature; provenance`
|
||||
* A neutral is used to indicate that there is no flow via a callable.
|
||||
* `package; type; name; signature; kind; provenance`
|
||||
* A neutral is used to indicate that a callable is neutral with respect to flow (no summary), source (is not a source) or sink (is not a sink).
|
||||
*
|
||||
* The interpretation of a row is similar to API-graphs with a left-to-right
|
||||
* reading.
|
||||
@@ -65,7 +65,9 @@
|
||||
* which classes the interpreted elements should be added. For example, for
|
||||
* sources "remote" indicates a default remote flow source, and for summaries
|
||||
* "taint" indicates a default additional taint step and "value" indicates a
|
||||
* globally applicable value-preserving step.
|
||||
* globally applicable value-preserving step. For neutrals the kind can be `summary`,
|
||||
* `source` or `sink` to indicate that the neutral is neutral with respect to
|
||||
* flow (no summary), source (is not a source) or sink (is not a sink).
|
||||
* 9. The `provenance` column is a tag to indicate the origin and verification of a model.
|
||||
* The format is {origin}-{verification} or just "manual" where the origin describes
|
||||
* the origin of the model and verification describes how the model has been verified.
|
||||
@@ -164,8 +166,8 @@ predicate summaryModel(
|
||||
.summaryModel(package, type, subtypes, name, signature, ext, input, output, kind, provenance)
|
||||
}
|
||||
|
||||
/** Holds if a neutral model exists indicating there is no flow for the given parameters. */
|
||||
predicate neutralModel = Extensions::neutralModel/5;
|
||||
/** Holds if a neutral model exists for the given parameters. */
|
||||
predicate neutralModel = Extensions::neutralModel/6;
|
||||
|
||||
private predicate relevantPackage(string package) {
|
||||
sourceModel(package, _, _, _, _, _, _, _, _) or
|
||||
@@ -288,6 +290,11 @@ module ModelValidation {
|
||||
not kind.matches("qltest%") and
|
||||
result = "Invalid kind \"" + kind + "\" in source model."
|
||||
)
|
||||
or
|
||||
exists(string kind | neutralModel(_, _, _, _, kind, _) |
|
||||
not kind = ["summary", "source", "sink"] and
|
||||
result = "Invalid kind \"" + kind + "\" in neutral model."
|
||||
)
|
||||
}
|
||||
|
||||
private string getInvalidModelSignature() {
|
||||
@@ -302,7 +309,7 @@ module ModelValidation {
|
||||
summaryModel(package, type, _, name, signature, ext, _, _, _, provenance) and
|
||||
pred = "summary"
|
||||
or
|
||||
neutralModel(package, type, name, signature, provenance) and
|
||||
neutralModel(package, type, name, signature, _, provenance) and
|
||||
ext = "" and
|
||||
pred = "neutral"
|
||||
|
|
||||
@@ -346,7 +353,7 @@ private predicate elementSpec(
|
||||
or
|
||||
summaryModel(package, type, subtypes, name, signature, ext, _, _, _, _)
|
||||
or
|
||||
neutralModel(package, type, name, signature, _) and ext = "" and subtypes = false
|
||||
neutralModel(package, type, name, signature, _, _) and ext = "" and subtypes = false
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -27,10 +27,10 @@ extensible predicate summaryModel(
|
||||
);
|
||||
|
||||
/**
|
||||
* Holds if a neutral model exists indicating there is no flow for the given parameters.
|
||||
* Holds if a neutral model exists for the given parameters.
|
||||
*/
|
||||
extensible predicate neutralModel(
|
||||
string package, string type, string name, string signature, string provenance
|
||||
string package, string type, string name, string signature, string kind, string provenance
|
||||
);
|
||||
|
||||
/**
|
||||
|
||||
@@ -335,7 +335,7 @@ module Public {
|
||||
class NeutralCallable extends SummarizedCallableBase {
|
||||
private Provenance provenance;
|
||||
|
||||
NeutralCallable() { neutralElement(this, provenance) }
|
||||
NeutralCallable() { neutralSummaryElement(this, provenance) }
|
||||
|
||||
/**
|
||||
* Holds if the neutral is auto generated.
|
||||
|
||||
@@ -154,12 +154,12 @@ predicate summaryElement(
|
||||
}
|
||||
|
||||
/**
|
||||
* Holds if a neutral model exists for `c` with provenance `provenance`,
|
||||
* Holds if a neutral summary model exists for `c` with provenance `provenance`,
|
||||
* which means that there is no flow through `c`.
|
||||
*/
|
||||
predicate neutralElement(SummarizedCallableBase c, string provenance) {
|
||||
predicate neutralSummaryElement(SummarizedCallableBase c, string provenance) {
|
||||
exists(string namespace, string type, string name, string signature |
|
||||
neutralModel(namespace, type, name, signature, provenance) and
|
||||
neutralModel(namespace, type, name, signature, "summary", provenance) and
|
||||
c.asCallable() = interpretElement(namespace, type, false, name, signature, "")
|
||||
)
|
||||
}
|
||||
|
||||
@@ -7,8 +7,9 @@
|
||||
import java
|
||||
import semmle.code.java.dataflow.ExternalFlow
|
||||
|
||||
from string package, string type, string name, string signature, string provenance
|
||||
from string package, string type, string name, string signature, string kind, string provenance
|
||||
where
|
||||
neutralModel(package, type, name, signature, provenance) and
|
||||
neutralModel(package, type, name, signature, kind, provenance) and
|
||||
not provenance.matches("%generated")
|
||||
select package, type, name, signature, provenance order by package, type, name, signature
|
||||
select package, type, name, signature, kind, provenance order by
|
||||
package, type, name, signature, kind
|
||||
|
||||
@@ -25,8 +25,11 @@ module PrintingImpl<PrintingSig Printing> {
|
||||
+ Printing::getProvenance()
|
||||
}
|
||||
|
||||
string asNeutralModel(Printing::Api api) {
|
||||
result = asPartialNeutralModel(api) + Printing::getProvenance()
|
||||
string asNeutralSummaryModel(Printing::Api api) {
|
||||
result =
|
||||
asPartialNeutralModel(api) //
|
||||
+ "summary" + ";" //
|
||||
+ Printing::getProvenance()
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -78,5 +78,5 @@ string captureFlow(DataFlowTargetApi api) {
|
||||
*/
|
||||
string captureNoFlow(DataFlowTargetApi api) {
|
||||
not exists(captureFlow(api)) and
|
||||
result = ModelPrinting::asNeutralModel(api)
|
||||
result = ModelPrinting::asNeutralSummaryModel(api)
|
||||
}
|
||||
|
||||
@@ -1,26 +1,26 @@
|
||||
| p;Factory;getIntValue;();df-generated |
|
||||
| p;FinalClass;returnsConstant;();df-generated |
|
||||
| p;FluentAPI$Inner;notThis;(String);df-generated |
|
||||
| p;ImmutablePojo;getX;();df-generated |
|
||||
| p;Joiner;length;();df-generated |
|
||||
| p;ParamFlow;ignorePrimitiveReturnValue;(String);df-generated |
|
||||
| p;ParamFlow;mapType;(Class);df-generated |
|
||||
| p;Pojo;doNotSetValue;(String);df-generated |
|
||||
| p;Pojo;getBigDecimal;();df-generated |
|
||||
| p;Pojo;getBigInt;();df-generated |
|
||||
| p;Pojo;getBoxedArray;();df-generated |
|
||||
| p;Pojo;getBoxedCollection;();df-generated |
|
||||
| p;Pojo;getBoxedValue;();df-generated |
|
||||
| p;Pojo;getFloatArray;();df-generated |
|
||||
| p;Pojo;getIntValue;();df-generated |
|
||||
| p;Pojo;getPrimitiveArray;();df-generated |
|
||||
| p;PrivateFlowViaPublicInterface$SPI;openStream;();df-generated |
|
||||
| p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();df-generated |
|
||||
| p;PrivateFlowViaPublicInterface;createAnSPIWithoutTrackingFile;(File);df-generated |
|
||||
| p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);df-generated |
|
||||
| p;Sinks;propagate;(String);df-generated |
|
||||
| p;Sinks;readUrl;(URL,Charset);df-generated |
|
||||
| p;Sources;readUrl;(URL);df-generated |
|
||||
| p;Sources;socketStream;();df-generated |
|
||||
| p;Sources;sourceToParameter;(InputStream[],List);df-generated |
|
||||
| p;Sources;wrappedSocketStream;();df-generated |
|
||||
| p;Factory;getIntValue;();summary;df-generated |
|
||||
| p;FinalClass;returnsConstant;();summary;df-generated |
|
||||
| p;FluentAPI$Inner;notThis;(String);summary;df-generated |
|
||||
| p;ImmutablePojo;getX;();summary;df-generated |
|
||||
| p;Joiner;length;();summary;df-generated |
|
||||
| p;ParamFlow;ignorePrimitiveReturnValue;(String);summary;df-generated |
|
||||
| p;ParamFlow;mapType;(Class);summary;df-generated |
|
||||
| p;Pojo;doNotSetValue;(String);summary;df-generated |
|
||||
| p;Pojo;getBigDecimal;();summary;df-generated |
|
||||
| p;Pojo;getBigInt;();summary;df-generated |
|
||||
| p;Pojo;getBoxedArray;();summary;df-generated |
|
||||
| p;Pojo;getBoxedCollection;();summary;df-generated |
|
||||
| p;Pojo;getBoxedValue;();summary;df-generated |
|
||||
| p;Pojo;getFloatArray;();summary;df-generated |
|
||||
| p;Pojo;getIntValue;();summary;df-generated |
|
||||
| p;Pojo;getPrimitiveArray;();summary;df-generated |
|
||||
| p;PrivateFlowViaPublicInterface$SPI;openStream;();summary;df-generated |
|
||||
| p;PrivateFlowViaPublicInterface$SPI;openStreamNone;();summary;df-generated |
|
||||
| p;PrivateFlowViaPublicInterface;createAnSPIWithoutTrackingFile;(File);summary;df-generated |
|
||||
| p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated |
|
||||
| p;Sinks;propagate;(String);summary;df-generated |
|
||||
| p;Sinks;readUrl;(URL,Charset);summary;df-generated |
|
||||
| p;Sources;readUrl;(URL);summary;df-generated |
|
||||
| p;Sources;socketStream;();summary;df-generated |
|
||||
| p;Sources;sourceToParameter;(InputStream[],List);summary;df-generated |
|
||||
| p;Sources;wrappedSocketStream;();summary;df-generated |
|
||||
|
||||
Reference in New Issue
Block a user