Apply code review suggestions.

Author: atorralba

java/ql/lib/ext/java.io.model.yml

@@ -3,13 +3,17 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["java.io", "File", True, "canExecute", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "canRead", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "canWrite", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "createNewFile", "()", "", "Argument[this]", "path-injection", "ai-manual"]
       - ["java.io", "File", True, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"]
       - ["java.io", "File", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "deleteOnExit", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isDirectory", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isFile", "()", "", "Argument[this]", "path-injection", "manual"]
+      - ["java.io", "File", True, "isHidden", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "mkdir", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "mkdirs", "()", "", "Argument[this]", "path-injection", "manual"]
       - ["java.io", "File", True, "renameTo", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]

java/ql/src/change-notes/2024-05-27-path-injection-file-sinks.md

@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Added more `File`-related sinks to the path injection query.
+* Added more `java.io.File`-related sinks to the path injection query.

java/ql/test/query-tests/security/CWE-022/semmle/tests/Test.java

@@ -37,6 +37,8 @@ void test() throws IOException {
         getClass().getResource((String) source()); // $ hasTaintFlow
         // "java.lang;ClassLoader;true;getSystemResourceAsStream;(String);;Argument[0];read-file;ai-generated"
         ClassLoader.getSystemResourceAsStream((String) source()); // $ hasTaintFlow
+        // "java.io;File;True;canExecute;();;Argument[this];path-injection;manual"
+        ((File) source()).canExecute(); // $ hasTaintFlow
         // "java.io;File;True;canRead;();;Argument[this];path-injection;manual"
         ((File) source()).canRead(); // $ hasTaintFlow
         // "java.io;File;True;canWrite;();;Argument[this];path-injection;manual"
@@ -51,6 +53,12 @@ void test() throws IOException {
         ((File) source()).deleteOnExit(); // $ hasTaintFlow
         // "java.io;File;True;exists;();;Argument[this];path-injection;manual"
         ((File) source()).exists(); // $ hasTaintFlow
+        // "java.io:File;True;isDirectory;();;Argument[this];path-injection;manual"
+        ((File) source()).isDirectory(); // $ hasTaintFlow
+        // "java.io:File;True;isFile;();;Argument[this];path-injection;manual"
+        ((File) source()).isFile(); // $ hasTaintFlow
+        // "java.io:File;True;isHidden;();;Argument[this];path-injection;manual"
+        ((File) source()).isHidden(); // $ hasTaintFlow
         // "java.io;File;True;mkdir;();;Argument[this];path-injection;manual"
         ((File) source()).mkdir(); // $ hasTaintFlow
         // "java.io;File;True;mkdirs;();;Argument[this];path-injection;manual"