hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 08:43:11 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
44295e4c7d21e2b1d67376456a6f42db9da9cce4
codeql/java/ql/lib/ext/hudson.model.yml
Owen Mansel-Chan 44295e4c7d Convert XSS barrier to MaD
2025-12-11 16:24:28 +01:00

89 lines
8.1 KiB
YAML
Raw Blame History

extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["hudson", "FilePath", False, "tar", "(OutputStream,String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", False, "unzipFrom", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyFrom", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "", "", "Argument[this]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String,FilePath$TarCompression)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyTo", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "copyToWithPermission", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "copyToWithPermission", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["hudson", "FilePath", True, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["hudson", "FilePath", True, "openInputStream", "(File,OpenOption[])", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "read", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "read", "(FilePath,OpenOption[])", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "readFromOffset", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "readToString", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "renameTo", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "renameTo", "", "", "Argument[0]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "write", "", "", "Argument[this]", "path-injection", "manual"]
- ["hudson", "FilePath", True, "write", "(String,String)", "", "Argument[0]", "file-content-store", "manual"]
- ["hudson", "Launcher$ProcStarter", False, "cmds", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher$ProcStarter", False, "cmdAsSingleString", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher$ProcStarter", False, "envs", "(String[])", "", "Argument[0]", "environment-injection", "manual"]
- ["hudson", "Launcher", True, "launch", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher", True, "decorateByEnv", "(String[])", "", "Argument[0]", "environment-injection", "manual"]
- ["hudson", "Launcher", True, "launchChannel", "", "", "Argument[0]", "command-injection", "manual"]
- ["hudson", "Launcher", True, "launchChannel", "", "", "Argument[3]", "environment-injection", "manual"]
- ["hudson", "XmlFile", False, "XmlFile", "(XStream,File)", "", "Argument[1]", "path-injection", "ai-manual"]
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "", "", "ReturnValue", "file", "manual"]
- ["hudson", "FilePath", False, "openInputStream", "", "", "ReturnValue", "file", "manual"]
- ["hudson", "FilePath", False, "read", "", "", "ReturnValue", "file", "manual"]
- ["hudson", "FilePath", False, "readFromOffset", "", "", "ReturnValue", "file", "manual"]
- ["hudson", "FilePath", False, "readToString", "", "", "ReturnValue", "file", "manual"]
- ["hudson", "Plugin", True, "configure", "", "", "Parameter", "remote", "manual"]
- ["hudson", "Plugin", True, "newInstance", "", "", "Parameter", "remote", "manual"]
- addsTo:
pack: codeql/java-all
extensible: barrierModel
data:
- ["hudson", "Util", True, "escape", "(String)", "", "ReturnValue", "html-injection", "manual"]
# Not including xmlEscape because it only accounts for >, <, and &. It does not account for ", or ', which makes it an incomplete XSS sanitizer.
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["hudson", "FilePath", True, "FilePath", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "FilePath", "(FilePath,String)", "", "Argument[0..1]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "FilePath", "(VirtualChannel,String)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
- ["hudson", "FilePath", True, "child", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String,String,boolean)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String,String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "list", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "normalize", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "FilePath", True, "sibling", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["hudson", "Util", True, "nullify", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixNull", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixEmpty", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fixEmptyAndTrim", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "getFileName", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "join", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "encodeRFC2396", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "wrapToErrorSpan", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fileToPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "xmlEscape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "escape", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "singleQuote", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "rawEncode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "encode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "fromHexString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "toHexString", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["hudson", "Util", True, "tokenize", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
Reference in New Issue View Git Blame Copy Permalink