
Commit b8608a1

authored
Merge pull request github#15946 from owen-mc/java/more-manual-models
Java: more manual models
2 parents 219cd4e + 7371f5e commit b8608a1


6 files changed

+93
-9
lines changed


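--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -78,11 +78,13 @@ extensions:
 - ["java.io", "File", True, "getCanonicalFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "getCanonicalPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "getName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["java.io", "File", True, "getParent", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
 - ["java.io", "File", True, "getParentFile", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "getPath", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "toPath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "File", True, "toURI", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["java.io", "File", True, "toURL", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
 - ["java.io", "FilterOutputStream", True, "FilterOutputStream", "(OutputStream)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["java.io", "InputStream", True, "read", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "InputStream", True, "read", "(byte[])", "", "Argument[this]", "Argument[0]", "taint", "manual"]
@@ -118,6 +120,7 @@ extensions:
 - ["java.io", "File", "listFiles", "", "summary", "df-manual"]
 - ["java.io", "File", "mkdirs", "()", "summary", "manual"]
 - ["java.io", "FileInputStream", "FileInputStream", "(File)", "summary", "manual"]
+- ["java.io", "FileInputStream", "FileInputStream", "(FileDescriptor)", "summary", "df-manual"]
 - ["java.io", "FileInputStream", "FileInputStream", "(String)", "summary", "df-manual"]
 - ["java.io", "InputStream", "close", "()", "summary", "manual"]
 - ["java.io", "ObjectInput", "readObject", "()", "summary", "df-manual"] # this is a deserialization sink modeled in regular CodeQL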

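--- a/java/ql/lib/ext/java.lang.model.yml
+++ b/java/ql/lib/ext/java.lang.model.yml
@@ -114,6 +114,7 @@ extensions:
 - ["java.lang", "String", False, "indent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.lang", "String", False, "intern", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.lang", "String", False, "join", "", "", "Argument[0..1]", "ReturnValue", "taint", "manual"]
+- ["java.lang", "String", False, "lines", "()", "", "Argument[this]", "ReturnValue.Element", "taint", "df-manual"]
 - ["java.lang", "String", False, "repeat", "(int)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.lang", "String", False, "replace", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.lang", "String", False, "replace", "", "", "Argument[1]", "ReturnValue", "taint", "manual"]
@@ -185,8 +186,19 @@ extensions:
 - ["java.lang", "Class", "isAssignableFrom", "(Class)", "summary", "manual"]
 - ["java.lang", "Class", "isInstance", "(Object)", "summary", "manual"]
 - ["java.lang", "Class", "toString", "()", "summary", "manual"]
+- ["java.lang", "ClassLoader", "findResource", "(String)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "getDefinedPackage", "(String)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "getDefinedPackage", "(String)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "getName", "()", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "getParent", "()", "summary", "df-manual"]
 - ["java.lang", "ClassLoader", "getResource", "(String)", "summary", "manual"]
 - ["java.lang", "ClassLoader", "getResourceAsStream", "(String)", "summary", "manual"]
+- ["java.lang", "ClassLoader", "getSystemResource", "(String)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "getUnnamedModule", "()", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "loadClass", "(String)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "loadClass", "(String,boolean)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "setClassAssertionStatus", "(String,boolean)", "summary", "df-manual"]
+- ["java.lang", "ClassLoader", "setPackageAssertionStatus", "(String,boolean)", "summary", "df-manual"]
 - ["java.lang", "Enum", "Enum", "(String,int)", "summary", "manual"]
 - ["java.lang", "Enum", "equals", "(Object)", "summary", "manual"]
 - ["java.lang", "Enum", "hashCode", "()", "summary", "manual"]
@@ -228,14 +240,14 @@ extensions:
 - ["java.lang", "Thread", "interrupt", "()", "summary", "manual"]
 - ["java.lang", "Thread", "sleep", "(long)", "summary", "manual"]
 - ["java.lang", "Thread", "start", "()", "summary", "manual"]
-- ["java.lang", "Throwable", "addSuppressed", "(Throwable)", "summary", "manual"]
-- ["java.lang", "Throwable", "fillInStackTrace", "()", "summary", "manual"]
-- ["java.lang", "Throwable", "getStackTrace", "()", "summary", "manual"]
-- ["java.lang", "Throwable", "getSuppressed", "()", "summary", "manual"]
-- ["java.lang", "Throwable", "printStackTrace", "()", "summary", "manual"]
-- ["java.lang", "Throwable", "printStackTrace", "(PrintStream)", "summary", "manual"]
-- ["java.lang", "Throwable", "printStackTrace", "(PrintWriter)", "summary", "manual"]
-- ["java.lang", "Throwable", "setStackTrace", "(StackTraceElement[])", "summary", "manual"]
+- ["java.lang", "Throwable", "addSuppressed", "(Throwable)", "summary", "df-manual"]
+- ["java.lang", "Throwable", "fillInStackTrace", "()", "summary", "df-manual"]
+- ["java.lang", "Throwable", "getStackTrace", "()", "summary", "df-manual"]
+- ["java.lang", "Throwable", "getSuppressed", "()", "summary", "df-manual"]
+- ["java.lang", "Throwable", "printStackTrace", "()", "summary", "df-manual"]
+- ["java.lang", "Throwable", "printStackTrace", "(PrintStream)", "summary", "df-manual"]
+- ["java.lang", "Throwable", "printStackTrace", "(PrintWriter)", "summary", "df-manual"]
+- ["java.lang", "Throwable", "setStackTrace", "(StackTraceElement[])", "summary", "df-manual"]
 # The below APIs have numeric flow and are currently being stored as neutral models.
 # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
 - ["java.lang", "Double", "doubleToLongBits", "(double)", "summary", "manual"] # taint-numeric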
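Review bot: The row `["java.lang", "ClassLoader", "getDefinedPackage", "(String)", "summary", "df-manual"]` is added twice in a row, at new lines 190 and 191. The repeat adds nothing to the neutral model, and it may stand where a different ClassLoader method was intended, so it is worth checking against the API list the rows were drawn from and then deleting or correcting it. The java.util.model.yml section of this commit shows the same pattern in its Locale block, for example `setLocale (Locale)`, `setVariant (String)`, `parse (String,Map)` and the `Locale (String,String,String)` constructor, which appears three times.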

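--- a/java/ql/lib/ext/java.net.model.yml
+++ b/java/ql/lib/ext/java.net.model.yml
@@ -67,4 +67,5 @@ extensions:
 data:
 # summary neutrals
 - ["java.net", "Socket", "getOutputStream", "()", "summary", "df-manual"]
+- ["java.net", "Socket", "connect", "(SocketAddress)", "summary", "df-manual"]
 - ["java.net", "Socket", "connect", "(SocketAddress,int)", "summary", "df-manual"]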

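--- a/java/ql/lib/ext/java.nio.file.model.yml
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@@ -91,7 +91,7 @@ extensions:
 data:
 # summary neutrals
 - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"]
-- ["java.nio.file", "Files", "newInputStream", "(Path,LinkOption[])", "summary", "df-manual"]
+- ["java.nio.file", "Files", "newInputStream", "(Path,OpenOption[])", "summary", "df-manual"]
 # sink neutrals
 - ["java.nio.file", "Files", "getLastModifiedTime", "", "sink", "hq-manual"]
 - ["java.nio.file", "Files", "getOwner", "", "sink", "hq-manual"]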

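--- a/java/ql/lib/ext/java.util.model.yml
+++ b/java/ql/lib/ext/java.util.model.yml
@@ -58,13 +58,15 @@ extensions:
 - ["java.util", "Collection", True, "toArray", "", "", "Argument[this].Element", "Argument[0].ArrayElement", "value", "manual"]
 - ["java.util", "Collection", True, "toArray", "", "", "Argument[this].Element", "ReturnValue.ArrayElement", "value", "manual"]
 - ["java.util", "Collections", False, "addAll", "(Collection,Object[])", "", "Argument[1].ArrayElement", "Argument[0].Element", "value", "manual"]
+- ["java.util", "Collections", False, "asLifoQueue", "(Deque)", "", "Argument[0].Element", "ReturnValue.Element", "value", "df-manual"]
 - ["java.util", "Collections", False, "checkedCollection", "(Collection,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
 - ["java.util", "Collections", False, "checkedList", "(List,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
 - ["java.util", "Collections", False, "checkedMap", "(Map,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
 - ["java.util", "Collections", False, "checkedMap", "(Map,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
 - ["java.util", "Collections", False, "checkedNavigableMap", "(NavigableMap,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
 - ["java.util", "Collections", False, "checkedNavigableMap", "(NavigableMap,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
 - ["java.util", "Collections", False, "checkedNavigableSet", "(NavigableSet,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
+- ["java.util", "Collections", False, "checkedQueue", "(Queue,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "df-manual"]
 - ["java.util", "Collections", False, "checkedSet", "(Set,Class)", "", "Argument[0].Element", "ReturnValue.Element", "value", "manual"]
 - ["java.util", "Collections", False, "checkedSortedMap", "(SortedMap,Class,Class)", "", "Argument[0].MapKey", "ReturnValue.MapKey", "value", "manual"]
 - ["java.util", "Collections", False, "checkedSortedMap", "(SortedMap,Class,Class)", "", "Argument[0].MapValue", "ReturnValue.MapValue", "value", "manual"]
@@ -309,6 +311,9 @@ extensions:
 - ["java.util", "Queue", True, "poll", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
 - ["java.util", "Queue", True, "remove", "()", "", "Argument[this].Element", "ReturnValue", "value", "manual"]
 - ["java.util", "ResourceBundle", True, "getString", "(String)", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
+- ["java.util", "Scanner", True, "findAll", "(Pattern)", "", "Argument[this]", "ReturnValue.Element", "taint", "df-manual"]
+- ["java.util", "Scanner", True, "findAll", "(String)", "", "Argument[this]", "ReturnValue.Element", "taint", "df-manual"]
+- ["java.util", "Scanner", True, "match", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
 - ["java.util", "Scanner", True, "Scanner", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["java.util", "Scanner", True, "findInLine", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.util", "Scanner", True, "findWithinHorizon", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -428,6 +433,8 @@ extensions:
 - ["java.util", "Collections", "emptyList", "()", "summary", "manual"]
 - ["java.util", "Collections", "emptyMap", "()", "summary", "manual"]
 - ["java.util", "Collections", "emptySet", "()", "summary", "manual"]
+- ["java.util", "Collections", "newSetFromMap", "", "summary", "df-manual"]
+- ["java.util", "Collections", "reverseOrder", "", "summary", "df-manual"]
 - ["java.util", "Collections", "sort", "", "summary", "manual"]
 - ["java.util", "Enumeration", "hasMoreElements", "()", "summary", "manual"]
 - ["java.util", "EnumSet", "allOf", "(Class)", "summary", "df-manual"]
@@ -451,7 +458,62 @@ extensions:
 - ["java.util", "List", "of", "()", "summary", "manual"]
 - ["java.util", "List", "sort", "(Comparator)", "summary", "manual"]
 - ["java.util", "List", "size", "()", "summary", "manual"]
+- ["java.util", "Locale$Builder", "addUnicodeLocaleAttribute", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "build", "()", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "clear", "()", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "clearExtensions", "()", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "removeUnicodeLocaleAttribute", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setExtension", "(char,String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setLanguage", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setLanguageTag", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setLocale", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setLocale", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setRegion", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setScript", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setUnicodeLocaleKeyword", "(String,String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setVariant", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$Builder", "setVariant", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "LanguageRange", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "LanguageRange", "(String,double)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "getRange", "()", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "mapEquivalents", "(List,Map)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "mapEquivalents", "(List,Map)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "parse", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "parse", "(String,Map)", "summary", "df-manual"]
+- ["java.util", "Locale$LanguageRange", "parse", "(String,Map)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String,String)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String,String)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String,String,String)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String,String,String)", "summary", "df-manual"]
+- ["java.util", "Locale", "Locale", "(String,String,String)", "summary", "df-manual"]
+- ["java.util", "Locale", "filterTags", "(List,Collection)", "summary", "df-manual"]
+- ["java.util", "Locale", "filterTags", "(List,Collection,Locale$FilteringMode)", "summary", "df-manual"]
 - ["java.util", "Locale", "forLanguageTag", "(String)", "summary", "manual"]
+- ["java.util", "Locale", "getCountry", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayCountry", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayCountry", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayCountry", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayLanguage", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayLanguage", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayLanguage", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayName", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayName", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayName", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayScript", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayScript", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayScript", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayVariant", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayVariant", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getDisplayVariant", "(Locale)", "summary", "df-manual"]
+- ["java.util", "Locale", "getExtensionKeys", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getISO3Language", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getLanguage", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getScript", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "getVariant", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "lookupTag", "(List,Collection)", "summary", "df-manual"]
+- ["java.util", "Locale", "stripExtensions", "()", "summary", "df-manual"]
+- ["java.util", "Locale", "toLanguageTag", "()", "summary", "df-manual"]
 - ["java.util", "Map", "containsKey", "(Object)", "summary", "manual"]
 - ["java.util", "Map", "isEmpty", "()", "summary", "manual"]
 - ["java.util", "Map", "size", "()", "summary", "manual"]
@@ -465,6 +527,11 @@ extensions:
 - ["java.util", "Optional", "isPresent", "()", "summary", "manual"]
 - ["java.util", "Random", "nextInt", "(int)", "summary", "manual"]
 - ["java.util", "ResourceBundle", "getBundle", "", "summary", "df-manual"]
+- ["java.util", "Scanner", "delimiter", "()", "summary", "df-manual"]
+- ["java.util", "Scanner", "hasNext", "(Pattern)", "summary", "df-manual"]
+- ["java.util", "Scanner", "hasNext", "(String)", "summary", "df-manual"]
+- ["java.util", "Scanner", "ioException", "()", "summary", "df-manual"]
+- ["java.util", "Scanner", "locale", "()", "summary", "df-manual"]
 - ["java.util", "Set", "contains", "(Object)", "summary", "manual"]
 - ["java.util", "Set", "isEmpty", "()", "summary", "manual"]
 - ["java.util", "Set", "size", "()", "summary", "manual"]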
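Review bot: The Locale block added at new lines 461–516 has no comment explaining why both ends of the string round trip are neutral. It lists the string-taking entry points (`Locale(String)`, `Locale$Builder.setLanguageTag(String)`, `Locale$LanguageRange.parse(String)`) and the string getters (`getLanguage()`, `getVariant()`, `toLanguageTag()`) as summary neutrals, so as far as these rows show, a query will not carry taint from a caller-supplied locale string into a `Locale` and back out. That is consistent with the existing `forLanguageTag` row, but locale strings often originate in request data and later reach resource or file lookups, so the choice deserves to be explicit. If it is deliberate, a line above the block such as `# Locale: flow through language/region/variant strings is intentionally not modelled` would keep a later contributor from reading the rows as an oversight.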

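--- a/java/ql/lib/ext/javax.crypto.spec.model.yml
+++ b/java/ql/lib/ext/javax.crypto.spec.model.yml
@@ -31,3 +31,4 @@ extensions:
 extensible: neutralModel
 data:
 - ["javax.crypto.spec", "SecretKeySpec", "SecretKeySpec", "(byte[],String)", "summary", "df-manual"]
+- ["javax.crypto.spec", "SecretKeySpec", "SecretKeySpec", "(byte[],int,int,String)", "summary", "df-manual"]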
