Skip to content

Commit 37ca6a5

Browse files
author
Benjamin Muskalla
committed
Model Appenable and Writer
This allows us to track taint carried through all kind of writers.
1 parent 68385df commit 37ca6a5

File tree

3 files changed

+17
-3
lines changed

3 files changed

+17
-3
lines changed

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@ private module Frameworks {
9191
private import semmle.code.java.frameworks.guava.Guava
9292
private import semmle.code.java.frameworks.jackson.JacksonSerializability
9393
private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
94+
private import semmle.code.java.frameworks.JavaIo
9495
private import semmle.code.java.frameworks.JavaxJson
9596
private import semmle.code.java.frameworks.JaxWS
9697
private import semmle.code.java.frameworks.JoddJson

java/ql/lib/semmle/code/java/frameworks/JavaIo.qll

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
/** Definitions of taint steps in Objects class of the JDK */
2+
3+
import java
4+
private import semmle.code.java.dataflow.ExternalFlow
5+
6+
private class ObjectsSummaryCsv extends SummaryModelCsv {
7+
override predicate row(string row) {
8+
row =
9+
[
10+
//`namespace; type; subtypes; name; signature; ext; input; output; kind`
11+
"java.lang;Appendable;false;append;;;Argument[0];Argument[-1];value",
12+
"java.lang;Appendable;false;append;;;Argument[-1];ReturnValue;value",
13+
"java.io;Writer;false;write;;;Argument[0];Argument[-1];value"
14+
]
15+
}
16+
}

java/ql/lib/semmle/code/java/frameworks/Strings.qll

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -40,9 +40,6 @@ private class StringSummaryCsv extends SummaryModelCsv {
4040
"java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint",
4141
"java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint",
4242
"java.lang;String;false;valueOf;(char[]);;Argument[0];ReturnValue;taint",
43-
"java.io;StringWriter;true;append;;;Argument[0];Argument[-1];taint",
44-
"java.io;StringWriter;true;append;;;Argument[-1];ReturnValue;value",
45-
"java.io;StringWriter;true;write;;;Argument[0];Argument[-1];taint",
4643
"java.lang;AbstractStringBuilder;true;AbstractStringBuilder;(String);;Argument[0];Argument[-1];taint",
4744
"java.lang;AbstractStringBuilder;true;append;;;Argument[0];Argument[-1];taint",
4845
"java.lang;AbstractStringBuilder;true;append;;;Argument[-1];ReturnValue;value",

0 commit comments

Comments
 (0)