Shared: add 'SharedModelValidation' file as experiment

Author: Jami Cogswell

config/identical-files.json

@@ -598,5 +598,14 @@
   "EncryptionKeySizes Python/Java": [
     "python/ql/lib/semmle/python/security/internal/EncryptionKeySizes.qll",
     "java/ql/lib/semmle/code/java/security/internal/EncryptionKeySizes.qll"
+  ],
+  "SharedModelValidation Java/C#/Go/JS/Python/Ruby/Swift (C++ is problematic for now)": [
+    "java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll",
+    "csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll",
+    "go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll",
+    "swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll",
+    "javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll",
+    "python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll",
+    "ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll"
   ]
 }

csharp/ql/lib/semmle/code/csharp/dataflow/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

go/ql/lib/semmle/go/dataflow/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

java/ql/lib/semmle/code/java/dataflow/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

javascript/ql/lib/semmle/javascript/frameworks/data/internal/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

python/ql/lib/semmle/python/frameworks/data/internal/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

ruby/ql/lib/codeql/ruby/frameworks/data/internal/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}

swift/ql/lib/codeql/swift/dataflow/SharedModelValidation.qll

@@ -0,0 +1,30 @@
+/**
+ * INTERNAL: Do not use.
+ *
+ * Provides classes for validating kinds in models as data rows.
+ * Such that we can share this logic across our CodeQL analysis of different languages.
+ */
+class ValidSinkKind extends string {
+  ValidSinkKind() {
+    this =
+      [
+        // shared ALL languages
+        "request-forgery", "ldap-injection", "sql-injection", "nosql-injection", "log-injection",
+        "xpath-injection", "html-injection", "js-injection", "url-redirection", "path-injection",
+        "file-content-store", "hostname-verification", "response-splitting", "information-leak",
+        "xslt-injection", "template-injection", "fragment-injection", "command-injection",
+        "unsafe-deserialization", "xxe", "database-store", "format-string",
+        // .matches("credentials-%"), .matches("regex-use%")"
+        // shared MOST languages
+        "code-injection", // .matches("encryption-%"),
+        // Java only
+        "jndi-injection", "mvel-injection", "groovy-injection", "ognl-injection", "jexl-injection",
+        "bean-validation", "intent-redirection", "pending-intents",
+        // JS only
+        "mongodb.sink",
+        // Swift only
+        "preferences-store", "transmission", "predicate-injection", "webview-fetch",
+        "tls-protocol-version", "hash-iteration-count" // .matches("%string-%length"), .matches("weak-hash-input-")
+      ]
+  }
+}