Skip to content

Commit

Permalink
Merge pull request #15486 from github/java/update-mad-decls-after-tri…
Browse files Browse the repository at this point in the history 
…age-2024-01-31T11-16-45

Java: Update MaD Declarations after Triage
  • Loading branch information
@max-schaefer
max-schaefer authored Feb 9, 2024
2 parents a42c845 + fb10967 commit 93990ec
Show file tree
Hide file tree
Showing 12 changed files with 44 additions and 1 deletion.
17 changes: 17 additions & 0 deletions java/ql/lib/change-notes/2024-01-31-new-models.md
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
---
category: minorAnalysis
---
* Added models for the following packages:

* java.io
* java.lang
* java.net
* java.net.http
* java.nio.file
* java.util.zip
* javax.servlet
* org.apache.commons.io
* org.apache.hadoop.fs
* org.apache.hadoop.fs.s3a
* org.eclipse.jetty.client
* org.gradle.api.file
3 changes: 2 additions & 1 deletion java/ql/lib/ext/java.io.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@ extensions:
- ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"]
- ["java.io", "File", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"]
- ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.io", "File", True, "renameTo", "(File)", "", "Argument[this]", "path-injection", "ai-manual"]
- ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.io", "FileInputStream", True, "FileInputStream", "(FileDescriptor)", "", "Argument[0]", "path-injection", "manual"]
- ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
Expand Down Expand Up @@ -131,4 +132,4 @@ extensions:
pack: codeql/java-all
extensible: sourceModel
data:
- ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"]
- ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"]
5 changes: 5 additions & 0 deletions java/ql/lib/ext/java.lang.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,10 @@ extensions:
data:
- ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", False, "getSystemResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"]
Expand All @@ -14,6 +18,7 @@ extensions:
- ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "redirectError", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "ProcessBuilder", False, "redirectOutput", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
- ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-manual"]
Expand Down
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.net.http.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -8,5 +8,6 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["java.net.http", "HttpClient", True, "send", "(HttpRequest,HttpResponse$BodyHandler)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["java.net.http", "HttpRequest", False, "newBuilder", "", "", "Argument[0]", "request-forgery", "manual"]
- ["java.net.http", "HttpRequest$Builder", False, "uri", "", "", "Argument[0]", "request-forgery", "manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.net.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -44,6 +44,7 @@ extensions:
- ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
- ["java.net", "URI", False, "resolve", "(URI)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["java.net", "URI", False, "URI", "(String,String,String,int,String,String,String)", "", "Argument[5]", "Argument[this].SyntheticField[java.net.URI.query]", "taint", "ai-manual"]
- ["java.net", "URI", False, "URI", "(String,String,String)", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"]
- ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
Expand Down
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.nio.file.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -62,6 +62,7 @@ extensions:
- ["java.nio.file", "FileSystem", True, "getPath", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"]
- ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
- ["java.nio.file", "FileSystems", False, "getFileSystem", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.nio.file", "Path", True, "getFileName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
Expand Down
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.util.zip.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@ extensions:
data:
- ["java.util.zip", "GZIPInputStream", False, "GZIPInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- ["java.util.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.util.zip", "ZipFile", True, "getInputStream", "(ZipEntry)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["java.util.zip", "ZipInputStream", False, "ZipInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- addsTo:
pack: codeql/java-all
Expand Down
1 change: 1 addition & 0 deletions java/ql/lib/ext/org.apache.commons.io.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@ extensions:
- ["org.apache.commons.io", "FileUtils", False, "forceMkdir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", False, "moveDirectory", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", False, "readFileToByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", False, "readFileToString", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", False, "writeLines", "(File,String,Collection,String)", "", "Argument[3]", "file-content-store", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", False, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[1]", "file-content-store", "ai-manual"]
- ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"]
Expand Down
7 changes: 7 additions & 0 deletions java/ql/lib/ext/org.apache.hadoop.fs.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,6 +3,7 @@ extensions:
pack: codeql/java-all
extensible: summaryModel
data:
- ["org.apache.hadoop.fs", "FileSystem", True, "makeQualified", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
- ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,Path)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"]
- ["org.apache.hadoop.fs", "Path", True, "Path", "(Path,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
Expand All @@ -13,3 +14,9 @@ extensions:
- ["org.apache.hadoop.fs", "Path", True, "Path", "(String,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"]
- ["org.apache.hadoop.fs", "Path", True, "Path", "(String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
- ["org.apache.hadoop.fs", "Path", True, "Path", "(URI)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.apache.hadoop.fs", "FileSystem", True, "rename", "(Path,Path)", "", "Argument[0]", "path-injection", "ai-manual"]
- ["org.apache.hadoop.fs", "FileSystem", True, "rename", "(Path,Path)", "", "Argument[1]", "path-injection", "ai-manual"]
6 changes: 6 additions & 0 deletions java/ql/lib/ext/org.apache.hadoop.fs.s3a.model.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.apache.hadoop.fs.s3a", "WriteOperationHelper", True, "createPutObjectRequest", "(String,File)", "", "Argument[1]", "path-injection", "ai-manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/org.eclipse.jetty.client.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -3,4 +3,5 @@ extensions:
pack: codeql/java-all
extensible: sinkModel
data:
- ["org.eclipse.jetty.client", "HttpClient", True, "GET", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"]
- ["org.eclipse.jetty.client", "HttpClient", True, "newRequest", "(String)", "", "Argument[0]", "request-forgery", "ai-manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/org.gradle.api.file.model.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,4 +4,5 @@ extensions:
extensible: summaryModel
data:
- ["org.gradle.api.file", "Directory", True, "getAsFile", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
- ["org.gradle.api.file", "DirectoryProperty", True, "dir", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]
- ["org.gradle.api.file", "DirectoryProperty", True, "file", "(String)", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]

0 comments on commit 93990ec

Please sign in to comment.