Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink

egregius313 · web-flow · commit d54489931c25 · 2024-03-12T16:39:20.000-04:00
Java: Add path-injection sink for `ParcelFileDescriptor::open`
diff --git a/java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md b/java/ql/lib/change-notes/2024-03-11-add-parcelfiledescriptor-open-model.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.
diff --git a/java/ql/lib/ext/android.os.model.yml b/java/ql/lib/ext/android.os.model.yml
@@ -132,3 +132,8 @@ extensions:
       - ["android.os", "Parcel", False, "readTypedList", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
       - ["android.os", "Parcel", False, "readTypedObject", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["android.os", "Parcel", False, "readValue", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["android.os", "ParcelFileDescriptor", False, "open", "", "", "Argument[0]", "path-injection", "manual"]

-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added a `path-injection` sink for the `open` methods of the `android.os.ParcelFileDescriptor` class.