Update MaD Declarations after Triage

Stephan Brandauer · Stephan Brandauer · commit a9d21cef0195 · 2023-12-21T15:39:03.000+01:00
diff --git a/java/ql/lib/change-notes/2023-12-21-new-models.md b/java/ql/lib/change-notes/2023-12-21-new-models.md
@@ -0,0 +1,8 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * io.undertow.server.handlers.resource
+  * java.awt
+  * javax.servlet.http
diff --git a/java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml b/java/ql/lib/ext/io.undertow.server.handlers.resource.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["io.undertow.server.handlers.resource", "URLResource", True, "URLResource", "(URL,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
diff --git a/java/ql/lib/ext/java.awt.model.yml b/java/ql/lib/ext/java.awt.model.yml
@@ -6,11 +6,15 @@ extensions:
       - ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
       - ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "ReturnValue", "value", "manual"]
       - ["java.awt", "Container", True, "add", "(Component,Object)", "", "Argument[0]", "Argument[this].Element", "value", "manual"]
-
   - addsTo:
       pack: codeql/java-all
       extensible: neutralModel
     data:
       # The below APIs have numeric flow and are currently being stored as neutral models.
       # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
       - ["java.awt", "Insets", "Insets", "(int,int,int,int)", "summary", "manual"] # value-numeric
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["java.awt", "Desktop", True, "browse", "(URI)", "", "Argument[0]", "request-forgery", "ai-manual"]
diff --git a/java/ql/lib/ext/javax.servlet.http.model.yml b/java/ql/lib/ext/javax.servlet.http.model.yml
@@ -26,6 +26,7 @@ extensions:
       - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
       - ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"]
       - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
+      - ["javax.servlet.http", "HttpServletResponse", True, "sendRedirect", "(String)", "", "Argument[0]", "url-redirection", "ai-manual"]
       - ["javax.servlet.http", "HttpSession", True, "putValue", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
       - ["javax.servlet.http", "HttpSession", True, "setAttribute", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
   - addsTo:
