hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
dd31be43e07d901bafb543c8f65be8e9b5abb364
codeql/java/ql/lib/ext/java.sql.model.yml
Jami Cogswell 6bb865ad05 Java: make numeric flow models neutral
2023-01-11 18:04:43 -05:00

35 lines
2.1 KiB
YAML
Raw Blame History

extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["java.sql", "Connection", True, "prepareCall", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Connection", True, "prepareStatement", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Driver", False, "connect", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
- ["java.sql", "DriverManager", False, "getConnection", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
- ["java.sql", "DriverManager", False, "getConnection", "(String,Properties)", "", "Argument[0]", "jdbc-url", "manual"]
- ["java.sql", "DriverManager", False, "getConnection", "(String,String,String)", "", "Argument[0]", "jdbc-url", "manual"]
- ["java.sql", "Statement", True, "addBatch", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "execute", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql", "manual"]
- ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[-1]", "value", "manual"]
- ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
- addsTo:
pack: codeql/java-all
extensible: neutralModel
data:
- ["java.sql", "ResultSet", "next", "()", "manual"]
# The below APIs have numeric flow and are currently being stored as neutral models.
# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
- ["java.sql", "PreparedStatement", "setInt", "(int,int)", "manual"] # value-numeric
- ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
Reference in New Issue View Git Blame Copy Permalink