Commit 134577e

Jami Cogswell authored and committed
Java: some updates to models
1 parent 4c590d1 commit 134577e

1 file changed

+22
-13
lines changed

java/ql/lib/ext/TopJdkApis.model.yml

Lines changed: 22 additions & 13 deletions
@@ -66,24 +66,37 @@ extensions:
6666
- ["java.lang", "StringBuilder", False, "append", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
6767
- ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[-1]", "ReturnValue", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 24 through AbstractStringBuilder.append subtyping
6868
- ["java.lang", "StringBuffer", False, "append", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 25 through AbstractStringBuilder.append subtyping
69-
- ["java.lang", "Integer", False, "parseInt", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # SUPPORTED: no MaD row or regular CodeQL model that I can find... (Note: check for existing model again)
7069
- ["java.io", "File", False, "File", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: already modelled in java.io.model.yml at line 60, but no signature specified in existing model
71-
- ["java.io", "PrintWriter", False, "write", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row, modelled by Writer.write in java.io.model.yml at line 86 through subtyping
7270
- ["java.nio.file", "Path", True, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **COLLISION** (both supported and unsupported per initial telemetry query): already modelled in java.nio.file.model.yml at line 29, but no signature specified in existing model
73-
- ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row or regular CodeQL model that I can find... (Note: check for existing model again)
71+
- ["java.io", "PrintWriter", False, "write", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row, modelled by Writer.write in java.io.model.yml at line 86 through subtyping
7472
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: already modelled in java.lang.model.yml at lines 82-84 for other signatures (Tony wants this one)
75-
- ["java.lang", "String", False, "charAt", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: per Anders: "We may want this as a general model, and we've discussed it before without a clear-cut answer, I believe."
76-
- ["java.lang", "StringBuilder", "toString", "()", "manual"] # **SUPPORTED**: Tony said to keep as positive; modelled in java.lang.model.yml at line 34 through AbstractStringBuilder.toString subtyping
77-
- ["java.lang", "Throwable", "getMessage", "()", "", "manual"] # **UNSUPPORTED**: per Anders: "This should likely have a model, but as mentioned above, it's not really relevant yet."
78-
- ["java.sql", "ResultSet", "getString", "(String)", "", "manual"] # **UNSUPPORTED**: similar to toString()? per Anders: "It looks like something that probably ought to have a model."
73+
- ["java.lang", "StringBuilder", "toString", "()", "manual"] # SUPPORTED: modelled in java.lang.model.yml at line 34 through AbstractStringBuilder.toString subtyping
74+
- ["java.lang", "String", False, "charAt", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: per Anders: "We may want this as a general model, and we've discussed it before without a clear-cut answer, I believe."
75+
- ["java.sql", "ResultSet", "getString", "(String)", "", "manual"] # **UNSUPPORTED**: similar to toString()?, per Anders: "It looks like something that probably ought to have a model."
76+
77+
78+
# ! Where are the existing models for these two?
79+
- ["java.lang", "Integer", False, "parseInt", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # SUPPORTED: no MaD row or regular CodeQL model that I can find... (Note: check for existing model again)
80+
- ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row or regular CodeQL model that I can find... (Note: check for existing model again)
81+
82+
# ! Exception modelling, add more detailed field flow per Anders
83+
# ! Should I even model yet if the support for exceptions is blocked?
7984

80-
# Exception modelling, add more detailed field flow per Anders:
8185
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from Throwable arg to new Throwable object?
82-
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
86+
87+
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1].SyntheticField[java.lang.RuntimeException.message]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
88+
- ["java.lang", "RuntimeException", False, "getMessage", "()", "", "Argument[-1].SyntheticField[java.lang.RuntimeException.message]", "ReturnValue", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
89+
90+
8391
- ["java.lang", "RuntimeException", False, "RuntimeException", "(Throwable)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
8492
- ["java.lang", "IllegalArgumentException", False, "IllegalArgumentException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new IllegalArgumentException object?
8593
- ["java.lang", "IllegalStateException", False, "IllegalStateException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new IllegalStateException object?
8694
- ["java.lang", "UnsupportedOperationException", False, "UnsupportedOperationException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new UnsupportedOperationException object?
95+
- ["java.lang", "Throwable", "getMessage", "()", "", "manual"] # **UNSUPPORTED**: per Anders: "This should likely have a model, but as mentioned above, it's not really relevant yet."
96+
97+
# ! Leave these as a negative/neutral model? Or no model at all? (or just leave commented out like "collect(Collector<T,A,R> collector)" to indicate that it was looked at)
98+
- ["java.lang", "Throwable", "printStackTrace", "()", "manual"] # UNSUPPORTED: per Anders: "This should probably not be a general step, but there might be specialised queries that care."
99+
- ["java.lang", "String", "valueOf", "(Object)", "manual"] # UNSUPPORTED: per Anders: "this is a complex case that we haven't fully decided how to deal with"
87100

88101
- addsTo:
89102
pack: codeql/java-all
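Review bot: The rows added at new lines 98-99 (`Throwable.printStackTrace`, `String.valueOf(Object)`) have five fields, and the `StringBuilder.toString`, `ResultSet.getString` and `Throwable.getMessage` rows have five or six, yet all of them sit in the same list as ten-field rows such as `Integer.parseInt`. Every tuple in one list has to have the same arity, so these should either stay commented out or live in the block that takes the short form. Separately, the new `RuntimeException.getMessage` row at line 88 reuses the comment "flow from arg to new RuntimeException object?", which describes the constructor rather than the read from `SyntheticField[java.lang.RuntimeException.message]` to `ReturnValue`. Only the `RuntimeException(String)` constructor writes that synthetic field. The `IllegalArgumentException`, `IllegalStateException` and `UnsupportedOperationException` `(String)` rows still write to plain `Argument[-1]`, so a message stored by those constructors is not in the field the new `getMessage` row reads.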
@@ -130,7 +143,3 @@ extensions:
130143
# - ["java.lang", "Enum", "name", "()", "manual"] # UNSUPPORTED: just gets name, no flow?, similar usage to toString() per Javadocs
131144
# - ["java.lang", "Object", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
132145
# - ["java.lang", "String", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
133-
134-
# Ask Tony:
135-
- ["java.lang", "Throwable", "printStackTrace", "()", "manual"] # UNSUPPORTED: per Anders: "This should probably not be a general step, but there might be specialised queries that care."
136-
- ["java.lang", "String", "valueOf", "(Object)", "manual"] # UNSUPPORTED: per Anders: "this is a complex case that we haven't fully decided how to deal with"
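Review bot: The two active rows removed at old lines 135-136 are not dropped: they reappear in the first hunk among ten-field rows, which changes the block they load into while the question attached to them there ("Leave these as a negative/neutral model? Or no model at all?") is still open. If they are only parked pending that decision, comment them out here next to the `Enum.name` and `hashCode` entries, which already use the same five-field form with a "per Anders" rationale, and keep a marker in place of the deleted `# Ask Tony:` so the open item stays visible in this block.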
