Add some models for the org.lastaflute.web library

egregius313 · egregius313 · commit 3bd330423de0 · 2024-07-18T17:41:00.000-04:00
Methods annotated `@Execute` are handlers for URLs. Therefore, the
parameters of the methods annotated with the
`org.lastaflute.web.Execute` annotation are likely either URL parameters
or forms.
diff --git a/java/ql/lib/ext/org.lastaflute.web.ruts.multipart.model.yml b/java/ql/lib/ext/org.lastaflute.web.ruts.multipart.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.lastaflute.web.ruts.multipart", "MultipartFormFile", True, "getContentType", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["org.lastaflute.web.ruts.multipart", "MultipartFormFile", True, "getFileData", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["org.lastaflute.web.ruts.multipart", "MultipartFormFile", True, "getFileName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+      - ["org.lastaflute.web.ruts.multipart", "MultipartFormFile", True, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -20,6 +20,7 @@ import semmle.code.java.frameworks.android.Android
 import semmle.code.java.frameworks.android.ExternalStorage
 import semmle.code.java.frameworks.android.OnActivityResultSource
 import semmle.code.java.frameworks.android.Intent
+private import semmle.code.java.frameworks.Lastaflute
 import semmle.code.java.frameworks.play.Play
 import semmle.code.java.frameworks.spring.SpringWeb
 import semmle.code.java.frameworks.spring.SpringController
diff --git a/java/ql/lib/semmle/code/java/frameworks/Lastaflute.qll b/java/ql/lib/semmle/code/java/frameworks/Lastaflute.qll
@@ -0,0 +1,22 @@
+import java
+import semmle.code.java.dataflow.FlowSources
+
+/**
+ * The `org.lastaflute.web.Execute` annotation.
+ */
+class LastafluteExecuteAnnotation extends Annotation {
+  LastafluteExecuteAnnotation() { this.getType().hasQualifiedName("org.lastaflute.web", "Execute") }
+}
+
+/**
+ * The parameter of a method defining a URL handler using the Lastaflute framework.
+ */
+class LastafluteHandlerParameterSource extends RemoteFlowSource {
+  LastafluteHandlerParameterSource() {
+    exists(Parameter p | p.getCallable().getAnAnnotation() instanceof LastafluteExecuteAnnotation |
+      p = this.asParameter()
+    )
+  }
+
+  override string getSourceType() { result = "Lastaflute handler parameter" }
+}
