hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-23 15:55:18 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add manual neutral models for java.text.Format and java.text.MessageFormat

Browse Source 
See comment in java/ql/src/Metrics/Summaries/TopJdkApis.qll

   * Note: the following top JDK APIs are not modeled with MaD:
   * `java.text.Format#format(Object)`: similar issue as `Object.toString`; depends on the object being passed as the argument
   * `java.text.MessageFormat#format(String,Object[])`: similar issue as `Object.toString`; depends on the object being passed as the argument
This commit is contained in:
Owen Mansel-Chan
2024-02-27 16:20:39 +00:00
parent 0e95f41900
commit f907fd21ad
1 changed files with 3 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
java/ql/lib/ext/java.text.model.yml
View File

@@ -3,6 +3,9 @@ extensions:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.text", "Format", "format", "", "summary", "manual"] # similar issue as `Object.toString`; depends on the object being passed as the argument
- ["java.text", "MessageFormat", "format", "", "summary", "manual"] # similar issue as `Object.toString`; depends on the object being passed as the argument
# summary neutrals
# The below APIs have numeric flow and are currently being stored as neutral models.
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.