Skip to content

Commit e6800c8

Browse files
author
Benjamin Muskalla
committed
Merge Lang3 rows
1 parent 736e688 commit e6800c8

File tree

1 file changed

+9
-154
lines changed

1 file changed

+9
-154
lines changed

java/ql/lib/semmle/code/java/frameworks/apache/Lang3Generated.qll

Lines changed: 9 additions & 154 deletions
Original file line numberDiff line numberDiff line change
@@ -3,10 +3,7 @@
33
import java
44
private import semmle.code.java.dataflow.ExternalFlow
55

6-
/**
7-
* Taint-propagating models for `ArrayUtils`.
8-
*/
9-
private class ApacheArrayUtilsModel extends SummaryModelCsv {
6+
private class ApacheCommonsLang3Model extends SummaryModelCsv {
107
override predicate row(string row) {
118
row =
129
[
@@ -44,24 +41,8 @@ private class ApacheArrayUtilsModel extends SummaryModelCsv {
4441
"org.apache.commons.lang3;ArrayUtils;false;toMap;;;ArrayElement of ArrayElement of Argument[0];MapValue of ReturnValue;value",
4542
"org.apache.commons.lang3;ArrayUtils;false;toObject;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
4643
"org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;ArrayElement of Argument[0];ArrayElement of ReturnValue;value",
47-
"org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[1];ArrayElement of ReturnValue;value"
48-
]
49-
}
50-
}
51-
52-
private class ApacheStringEscapeUtilsModel extends SummaryModelCsv {
53-
override predicate row(string row) {
54-
row =
55-
[
56-
"org.apache.commons.lang3;StringEscapeUtils;false;escapeJson;;;Argument[0];ReturnValue;taint"
57-
]
58-
}
59-
}
60-
61-
private class ApacheStringUtilsModel extends SummaryModelCsv {
62-
override predicate row(string row) {
63-
row =
64-
[
44+
"org.apache.commons.lang3;ArrayUtils;false;toPrimitive;;;Argument[1];ArrayElement of ReturnValue;value",
45+
"org.apache.commons.lang3;StringEscapeUtils;false;escapeJson;;;Argument[0];ReturnValue;taint",
6546
"org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int);;Argument[1];ReturnValue;taint",
6647
"org.apache.commons.lang3;StringUtils;false;abbreviate;(java.lang.String,java.lang.String,int,int);;Argument[1];ReturnValue;taint",
6748
"org.apache.commons.lang3;StringUtils;false;abbreviate;;;Argument[0];ReturnValue;taint",
@@ -204,15 +185,7 @@ private class ApacheStringUtilsModel extends SummaryModelCsv {
204185
"org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,char);;Argument[0];ReturnValue;taint",
205186
"org.apache.commons.lang3;StringUtils;false;wrap;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint",
206187
"org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,char);;Argument[0];ReturnValue;taint",
207-
"org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint"
208-
]
209-
}
210-
}
211-
212-
private class ApacheStrBuilderModel extends SummaryModelCsv {
213-
override predicate row(string row) {
214-
row =
215-
[
188+
"org.apache.commons.lang3;StringUtils;false;wrapIfMissing;(java.lang.String,java.lang.String);;Argument[0..1];ReturnValue;taint",
216189
"org.apache.commons.lang3.text;StrBuilder;false;StrBuilder;(java.lang.String);;Argument[0];Argument[-1];taint",
217190
"org.apache.commons.lang3.text;StrBuilder;false;append;(char[]);;Argument[0];Argument[-1];taint",
218191
"org.apache.commons.lang3.text;StrBuilder;false;append;(char[],int,int);;Argument[0];Argument[-1];taint",
@@ -287,14 +260,6 @@ private class ApacheStrBuilderModel extends SummaryModelCsv {
287260
"org.apache.commons.lang3.text;StrBuilder;false;toString;;;Argument[-1];ReturnValue;taint",
288261
"org.apache.commons.lang3.text;StrBuilder;false;toStringBuffer;;;Argument[-1];ReturnValue;taint",
289262
"org.apache.commons.lang3.text;StrBuilder;false;toStringBuilder;;;Argument[-1];ReturnValue;taint",
290-
]
291-
}
292-
}
293-
294-
private class ApacheStrBuilderFluentMethodsModel extends SummaryModelCsv {
295-
override predicate row(string row) {
296-
row =
297-
[
298263
"org.apache.commons.lang3.text;StrBuilder;false;append;;;Argument[-1];ReturnValue;value",
299264
"org.apache.commons.lang3.text;StrBuilder;false;appendAll;;;Argument[-1];ReturnValue;value",
300265
"org.apache.commons.lang3.text;StrBuilder;false;appendFixedWidthPadLeft;;;Argument[-1];ReturnValue;value",
@@ -321,17 +286,6 @@ private class ApacheStrBuilderFluentMethodsModel extends SummaryModelCsv {
321286
"org.apache.commons.lang3.text;StrBuilder;false;setNewLineText;;;Argument[-1];ReturnValue;value",
322287
"org.apache.commons.lang3.text;StrBuilder;false;setNullText;;;Argument[-1];ReturnValue;value",
323288
"org.apache.commons.lang3.text;StrBuilder;false;trim;;;Argument[-1];ReturnValue;value",
324-
]
325-
}
326-
}
327-
328-
/**
329-
* Taint-propagating models for `WordUtils`.
330-
*/
331-
private class ApacheWordUtilsModel extends SummaryModelCsv {
332-
override predicate row(string row) {
333-
row =
334-
[
335289
"org.apache.commons.lang3.text;WordUtils;false;wrap;;;Argument[0];ReturnValue;taint",
336290
"org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean);;Argument[2];ReturnValue;taint",
337291
"org.apache.commons.lang3.text;WordUtils;false;wrap;(java.lang.String,int,java.lang.String,boolean,java.lang.String);;Argument[2];ReturnValue;taint",
@@ -344,17 +298,6 @@ private class ApacheWordUtilsModel extends SummaryModelCsv {
344298
"org.apache.commons.lang3.text;WordUtils;false;initials;(java.lang.String,char[]);;Argument[0];ReturnValue;taint",
345299
"org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String);;Argument[0];ReturnValue;taint",
346300
"org.apache.commons.lang3.text;WordUtils;false;capitalizeFully;(java.lang.String,char[]);;Argument[0];ReturnValue;taint",
347-
]
348-
}
349-
}
350-
351-
/**
352-
* Taint-propagating models for `StrTokenizer`.
353-
*/
354-
private class ApacheStrTokenizerModel extends SummaryModelCsv {
355-
override predicate row(string row) {
356-
row =
357-
[
358301
"org.apache.commons.lang3.text;StrTokenizer;false;StrTokenizer;;;Argument[0];Argument[-1];taint",
359302
"org.apache.commons.lang3.text;StrTokenizer;false;clone;;;Argument[-1];ReturnValue;taint",
360303
"org.apache.commons.lang3.text;StrTokenizer;false;toString;;;Argument[-1];ReturnValue;taint",
@@ -369,30 +312,8 @@ private class ApacheStrTokenizerModel extends SummaryModelCsv {
369312
"org.apache.commons.lang3.text;StrTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint",
370313
"org.apache.commons.lang3.text;StrTokenizer;false;getTSVInstance;;;Argument[0];ReturnValue;taint",
371314
"org.apache.commons.lang3.text;StrTokenizer;false;getCSVInstance;;;Argument[0];ReturnValue;taint",
372-
]
373-
}
374-
}
375-
376-
/**
377-
* Taint-propagating models for `StrLookup`.
378-
*/
379-
private class ApacheStrLookupModel extends SummaryModelCsv {
380-
override predicate row(string row) {
381-
row =
382-
[
383315
"org.apache.commons.lang3.text;StrLookup;false;lookup;;;Argument[-1];ReturnValue;taint",
384316
"org.apache.commons.lang3.text;StrLookup;false;mapLookup;;;MapValue of Argument[0];ReturnValue;taint",
385-
]
386-
}
387-
}
388-
389-
/**
390-
* Taint-propagating models for `StrSubstitutor`.
391-
*/
392-
private class ApacheStrSubstitutorModel extends SummaryModelCsv {
393-
override predicate row(string row) {
394-
row =
395-
[
396317
"org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;Argument[0];Argument[-1];taint",
397318
"org.apache.commons.lang3.text;StrSubstitutor;false;StrSubstitutor;;;MapValue of Argument[0];Argument[-1];taint",
398319
"org.apache.commons.lang3.text;StrSubstitutor;false;replace;;;Argument[-1];ReturnValue;taint",
@@ -420,17 +341,6 @@ private class ApacheStrSubstitutorModel extends SummaryModelCsv {
420341
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder);;Argument[-1];Argument[0];taint",
421342
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(java.lang.StringBuilder,int,int);;Argument[-1];Argument[0];taint",
422343
"org.apache.commons.lang3.text;StrSubstitutor;false;replaceIn;(org.apache.commons.lang3.text.StrBuilder,int,int);;Argument[-1];Argument[0];taint",
423-
]
424-
}
425-
}
426-
427-
/**
428-
* Taint-propagating models for `RegexUtils`.
429-
*/
430-
private class ApacheRegExUtilsModel extends SummaryModelCsv {
431-
override predicate row(string row) {
432-
row =
433-
[
434344
"org.apache.commons.lang3;RegExUtils;false;removeAll;;;Argument[0];ReturnValue;taint",
435345
"org.apache.commons.lang3;RegExUtils;false;removeFirst;;;Argument[0];ReturnValue;taint",
436346
"org.apache.commons.lang3;RegExUtils;false;removePattern;;;Argument[0];ReturnValue;taint",
@@ -439,20 +349,7 @@ private class ApacheRegExUtilsModel extends SummaryModelCsv {
439349
"org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[0];ReturnValue;taint",
440350
"org.apache.commons.lang3;RegExUtils;false;replaceAll;;;Argument[2];ReturnValue;taint",
441351
"org.apache.commons.lang3;RegExUtils;false;replaceFirst;;;Argument[2];ReturnValue;taint",
442-
"org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[2];ReturnValue;taint"
443-
]
444-
}
445-
}
446-
447-
/**
448-
* Taint-propagating models for `ObjectUtils`.
449-
*/
450-
private class ApacheObjectUtilsModel extends SummaryModelCsv {
451-
override predicate row(string row) {
452-
row =
453-
[
454-
// Note all the functions annotated with `taint` flow really should have `value` flow,
455-
// but we don't support value-preserving varargs functions at the moment.
352+
"org.apache.commons.lang3;RegExUtils;false;replacePattern;;;Argument[2];ReturnValue;taint",
456353
"org.apache.commons.lang3;ObjectUtils;false;clone;;;Argument[0];ReturnValue;value",
457354
"org.apache.commons.lang3;ObjectUtils;false;cloneIfPossible;;;Argument[0];ReturnValue;value",
458355
"org.apache.commons.lang3;ObjectUtils;false;CONST;;;Argument[0];ReturnValue;value",
@@ -466,15 +363,7 @@ private class ApacheObjectUtilsModel extends SummaryModelCsv {
466363
"org.apache.commons.lang3;ObjectUtils;false;min;;;ArrayElement of Argument[0];ReturnValue;value",
467364
"org.apache.commons.lang3;ObjectUtils;false;mode;;;ArrayElement of Argument[0];ReturnValue;value",
468365
"org.apache.commons.lang3;ObjectUtils;false;requireNonEmpty;;;Argument[0];ReturnValue;value",
469-
"org.apache.commons.lang3;ObjectUtils;false;toString;(Object,String);;Argument[1];ReturnValue;value"
470-
]
471-
}
472-
}
473-
474-
private class ApacheToStringBuilderModel extends SummaryModelCsv {
475-
override predicate row(string row) {
476-
row =
477-
[
366+
"org.apache.commons.lang3;ObjectUtils;false;toString;(Object,String);;Argument[1];ReturnValue;value",
478367
"org.apache.commons.lang3.builder;ToStringBuilder;false;toString;;;Argument[-1];ReturnValue;taint",
479368
"org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object);;Argument[0];Argument[-1];taint",
480369
"org.apache.commons.lang3.builder;ToStringBuilder;false;append;(java.lang.Object[]);;ArrayElement of Argument[0];Argument[-1];taint",
@@ -488,22 +377,10 @@ private class ApacheToStringBuilderModel extends SummaryModelCsv {
488377
"org.apache.commons.lang3.builder;ToStringBuilder;false;getStringBuffer;;;Argument[-1];ReturnValue;taint",
489378
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[0];Argument[-1];taint",
490379
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[0];Argument[-1];taint",
491-
// The following are value-preserving steps for fluent methods:
492380
"org.apache.commons.lang3.builder;ToStringBuilder;false;append;;;Argument[-1];ReturnValue;value",
493381
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendAsObjectToString;;;Argument[-1];ReturnValue;value",
494382
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendSuper;;;Argument[-1];ReturnValue;value",
495-
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[-1];ReturnValue;value"
496-
]
497-
}
498-
}
499-
500-
/**
501-
* Value-propagating models for `Pair`, `ImmutablePair` and `MutablePair`.
502-
*/
503-
private class ApachePairModel extends SummaryModelCsv {
504-
override predicate row(string row) {
505-
row =
506-
[
383+
"org.apache.commons.lang3.builder;ToStringBuilder;false;appendToString;;;Argument[-1];ReturnValue;value",
507384
"org.apache.commons.lang3.tuple;Pair;false;getKey;;;Field[org.apache.commons.lang3.tuple.ImmutablePair.left] of Argument[-1];ReturnValue;value",
508385
"org.apache.commons.lang3.tuple;Pair;false;getValue;;;Field[org.apache.commons.lang3.tuple.ImmutablePair.right] of Argument[-1];ReturnValue;value",
509386
"org.apache.commons.lang3.tuple;Pair;false;getKey;;;Field[org.apache.commons.lang3.tuple.MutablePair.left] of Argument[-1];ReturnValue;value",
@@ -526,18 +403,7 @@ private class ApachePairModel extends SummaryModelCsv {
526403
"org.apache.commons.lang3.tuple;MutablePair;false;setRight;;;Argument[0];Field[org.apache.commons.lang3.tuple.MutablePair.right] of Argument[-1];value",
527404
"org.apache.commons.lang3.tuple;MutablePair;false;setValue;;;Argument[0];Field[org.apache.commons.lang3.tuple.MutablePair.right] of Argument[-1];value",
528405
"org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[0];Field[org.apache.commons.lang3.tuple.MutablePair.left] of ReturnValue;value",
529-
"org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field[org.apache.commons.lang3.tuple.MutablePair.right] of ReturnValue;value"
530-
]
531-
}
532-
}
533-
534-
/**
535-
* Value-propagating models for `Triple`, `ImmutableTriple` and `MutableTriple`.
536-
*/
537-
private class ApacheTripleModel extends SummaryModelCsv {
538-
override predicate row(string row) {
539-
row =
540-
[
406+
"org.apache.commons.lang3.tuple;MutablePair;false;of;(java.lang.Object,java.lang.Object);;Argument[1];Field[org.apache.commons.lang3.tuple.MutablePair.right] of ReturnValue;value",
541407
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field[org.apache.commons.lang3.tuple.ImmutableTriple.left] of ReturnValue;value",
542408
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field[org.apache.commons.lang3.tuple.ImmutableTriple.middle] of ReturnValue;value",
543409
"org.apache.commons.lang3.tuple;Triple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field[org.apache.commons.lang3.tuple.ImmutableTriple.right] of ReturnValue;value",
@@ -561,18 +427,7 @@ private class ApacheTripleModel extends SummaryModelCsv {
561427
"org.apache.commons.lang3.tuple;MutableTriple;false;setRight;;;Argument[0];Field[org.apache.commons.lang3.tuple.MutableTriple.right] of Argument[-1];value",
562428
"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[0];Field[org.apache.commons.lang3.tuple.MutableTriple.left] of ReturnValue;value",
563429
"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[1];Field[org.apache.commons.lang3.tuple.MutableTriple.middle] of ReturnValue;value",
564-
"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field[org.apache.commons.lang3.tuple.MutableTriple.right] of ReturnValue;value"
565-
]
566-
}
567-
}
568-
569-
/**
570-
* Value-propagating models for `MutableObject`.
571-
*/
572-
private class ApacheMutableObjectModel extends SummaryModelCsv {
573-
override predicate row(string row) {
574-
row =
575-
[
430+
"org.apache.commons.lang3.tuple;MutableTriple;false;of;(java.lang.Object,java.lang.Object,java.lang.Object);;Argument[2];Field[org.apache.commons.lang3.tuple.MutableTriple.right] of ReturnValue;value",
576431
"org.apache.commons.lang3.mutable;MutableObject;false;MutableObject;;;Argument[0];SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value] of Argument[-1];value",
577432
"org.apache.commons.lang3.mutable;MutableObject;false;setValue;;;Argument[0];SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value] of Argument[-1];value",
578433
"org.apache.commons.lang3.mutable;MutableObject;false;getValue;;;SyntheticField[org.apache.commons.lang3.mutable.MutableObject.value] of Argument[-1];ReturnValue;value"

0 commit comments

Comments
 (0)