
Commit 23de085

committed
Add missing models and other minor improvements per Marcono1234's review
1 parent 40173f7 commit 23de085


2 files changed

+329
-51
lines changed


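--- a/java/ql/src/semmle/code/java/frameworks/JsonJava.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JsonJava.qll
@@ -12,6 +12,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;XMLXsiTypeConverter;true;convert;;;Argument[0];ReturnValue;taint",
 "org.json;CDL;false;rowToJSONArray;;;Argument[0];ReturnValue;taint",
 "org.json;CDL;false;rowToJSONObject;;;Argument[0..1];ReturnValue;taint",
+"org.json;CDL;false;rowToString;;;Argument[0];ReturnValue;taint",
 "org.json;CDL;false;toJSONArray;;;Argument[0..1];ReturnValue;taint",
 "org.json;CDL;false;toString;;;Argument[0..1];ReturnValue;taint",
 "org.json;Cookie;false;escape;;;Argument[0];ReturnValue;taint",
@@ -60,7 +61,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONArray;false;optNumber;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONArray;false;optQuery;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONArray;false;optString;;;Argument[-1];ReturnValue;taint",
-// Default values that may be returned by the `opt*` functions above:
+// Default values that may be returned by the `opt*` methods above:
 "org.json;JSONArray;false;optBigDecimal;;;Argument[1];ReturnValue;value",
 "org.json;JSONArray;false;optBigInteger;;;Argument[1];ReturnValue;value",
 "org.json;JSONArray;false;optBoolean;;;Argument[1];ReturnValue;value",
@@ -71,6 +72,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONArray;false;optLong;;;Argument[1];ReturnValue;value",
 "org.json;JSONArray;false;optNumber;;;Argument[1];ReturnValue;value",
 "org.json;JSONArray;false;optString;;;Argument[1];ReturnValue;value",
+"org.json;JSONArray;false;put;;;Argument[-1];ReturnValue;value",
 "org.json;JSONArray;false;put;(boolean);;Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;put;(Collection);;Element of Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;put;(double);;Argument[0];Argument[-1];taint",
@@ -89,11 +91,13 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONArray;false;put;(int,Map);;MapKey of Argument[1];Argument[-1];taint",
 "org.json;JSONArray;false;put;(int,Map);;MapValue of Argument[1];Argument[-1];taint",
 "org.json;JSONArray;false;put;(int,Object);;Argument[1];Argument[-1];taint",
+"org.json;JSONArray;false;putAll;;;Argument[-1];ReturnValue;value",
 "org.json;JSONArray;false;putAll;(Collection);;Element of Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;putAll;(Iterable);;Element of Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;putAll;(JSONArray);;Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;putAll;(Object);;Argument[0];Argument[-1];taint",
 "org.json;JSONArray;false;query;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONArray;false;remove;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONArray;false;toJSONObject;;;Argument[0];ReturnValue;taint",
 "org.json;JSONArray;false;toJSONObject;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONArray;false;toList;;;Argument[0];Element of ReturnValue;taint",
@@ -114,9 +118,11 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONObject;false;JSONObject;(String);;Argument[0];Argument[-1];taint",
 "org.json;JSONObject;false;JSONObject;(String,Locale);;Argument[0];Argument[-1];taint",
 "org.json;JSONObject;false;accumulate;;;Argument[0..1];Argument[-1];taint",
+"org.json;JSONObject;false;accumulate;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;append;;;Argument[0..1];Argument[-1];taint",
+"org.json;JSONObject;false;append;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;doubleToString;;;Argument[0];ReturnValue;taint",
-"org.json;JSONObject;false;entrySet;;;Argument[-1];Element of ReturnValue;taint",
+"org.json;JSONObject;true;entrySet;;;Argument[-1];Element of ReturnValue;taint",
 "org.json;JSONObject;false;get;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;getBigDecimal;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;getBigInteger;;;Argument[-1];ReturnValue;taint",
@@ -132,6 +138,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONObject;false;getNumber;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;getString;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;increment;;;Argument[0];Argument[-1];taint",
+"org.json;JSONObject;false;increment;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;keys;;;Argument[-1];Element of ReturnValue;taint",
 "org.json;JSONObject;false;keySet;;;Argument[-1];Element of ReturnValue;taint",
 "org.json;JSONObject;false;names;;;Argument[-1];ReturnValue;taint", // Returns a JSONArray, hence this has no Element qualifier or similar
@@ -150,7 +157,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONObject;false;optNumber;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;optQuery;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;optString;;;Argument[-1];ReturnValue;taint",
-// Default values that may be returned by the `opt*` functions above:
+// Default values that may be returned by the `opt*` methods above:
 "org.json;JSONObject;false;optBigDecimal;;;Argument[1];ReturnValue;value",
 "org.json;JSONObject;false;optBigInteger;;;Argument[1];ReturnValue;value",
 "org.json;JSONObject;false;optBoolean;;;Argument[1];ReturnValue;value",
@@ -161,6 +168,7 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONObject;false;optLong;;;Argument[1];ReturnValue;value",
 "org.json;JSONObject;false;optNumber;;;Argument[1];ReturnValue;value",
 "org.json;JSONObject;false;optString;;;Argument[1];ReturnValue;value",
+"org.json;JSONObject;false;put;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;put;(String,boolean);;Argument[0];Argument[-1];taint",
 "org.json;JSONObject;false;put;(String,Collection);;Argument[0];Argument[-1];taint",
 "org.json;JSONObject;false;put;(String,double);;Argument[0];Argument[-1];taint",
@@ -178,12 +186,15 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONObject;false;put;(String,Map);;MapKey of Argument[1];Argument[-1];taint",
 "org.json;JSONObject;false;put;(String,Map);;MapValue of Argument[1];Argument[-1];taint",
 "org.json;JSONObject;false;put;(String,Object);;Argument[1];Argument[-1];taint",
+"org.json;JSONObject;false;putOnce;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;putOnce;;;Argument[0..1];Argument[-1];taint",
+"org.json;JSONObject;false;putOpt;;;Argument[-1];ReturnValue;value",
 "org.json;JSONObject;false;putOpt;;;Argument[0..1];Argument[-1];taint",
 "org.json;JSONObject;false;query;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;quote;(String);;Argument[0];ReturnValue;taint",
 "org.json;JSONObject;false;quote;(String,Writer);;Argument[0];Argument[1];taint",
 "org.json;JSONObject;false;quote;(String,Writer);;Argument[1];ReturnValue;value",
+"org.json;JSONObject;false;remove;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;stringToValue;;;Argument[0];ReturnValue;taint",
 "org.json;JSONObject;false;toJSONArray;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONObject;false;toMap;;;Argument[-1];MapKey of ReturnValue;taint",
@@ -202,14 +213,15 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONPointer$Builder;false;append;;;Argument[-1];ReturnValue;value",
 "org.json;JSONPointer$Builder;false;build;;;Argument[-1];ReturnValue;taint",
 "org.json;JSONStringer;false;toString;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;JSONTokener;;;Argument[0];Argument[-1];taint",
-"org.json;JSONTokener;false;next;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;nextClean;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;nextString;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;nextTo;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;nextValue;;;Argument[-1];ReturnValue;taint",
-"org.json;JSONTokener;false;syntaxError;;;Argument[0..1];ReturnValue;taint",
-"org.json;JSONTokener;false;toString;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;JSONTokener;;;Argument[0];Argument[-1];taint",
+"org.json;JSONTokener;true;next;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;nextClean;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;nextString;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;nextTo;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;nextValue;;;Argument[-1];ReturnValue;taint",
+"org.json;JSONTokener;true;syntaxError;;;Argument[0..1];ReturnValue;taint",
+"org.json;JSONTokener;true;toString;;;Argument[-1];ReturnValue;taint",
+// The following model doesn't work yet due to lack of support for reverse taint flow:
 "org.json;JSONWriter;true;JSONWriter;;;Argument[-1];Argument[0];taint",
 "org.json;JSONWriter;true;key;;;Argument[0];Argument[-1];taint",
 "org.json;JSONWriter;true;value;;;Argument[0];Argument[-1];taint",
@@ -220,14 +232,14 @@ private class FlowModels extends SummaryModelCsv {
 "org.json;JSONWriter;true;key;;;Argument[-1];ReturnValue;value",
 "org.json;JSONWriter;true;object;;;Argument[-1];ReturnValue;value",
 "org.json;JSONWriter;true;value;;;Argument[-1];ReturnValue;value",
-"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
-"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
 "org.json;Property;false;toJSONObject;;;MapKey of Argument[0];ReturnValue;taint",
 "org.json;Property;false;toJSONObject;;;MapValue of Argument[0];ReturnValue;taint",
+"org.json;Property;false;toProperties;;;Argument[0];MapKey of ReturnValue;taint",
+"org.json;Property;false;toProperties;;;Argument[0];MapValue of ReturnValue;taint",
 "org.json;XML;false;escape;;;Argument[0];ReturnValue;taint",
 "org.json;XML;false;stringToValue;;;Argument[0];ReturnValue;taint",
 "org.json;XML;false;toJSONObject;;;Argument[0];ReturnValue;taint",
-"org.json;XML;false;toString;;;Argument[0];ReturnValue;taint",
+"org.json;XML;false;toString;;;Argument[0..1];ReturnValue;taint",
 "org.json;XML;false;unescape;;;Argument[0];ReturnValue;taint",
 "org.json;XMLTokener;false;XMLTokener;;;Argument[0];Argument[-1];taint",
 "org.json;XMLTokener;false;nextCDATA;;;Argument[-1];ReturnValue;taint",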
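Review bot: The comment added at new line 224 says the `JSONWriter` constructor row is ineffective, but not what query users lose because of it. Until reverse flow is supported, taint that enters a `JSONWriter` through the `key`/`value` rows below is presumably not propagated to the writer passed to the constructor, so a sink on that underlying writer would be a silent false negative. I would spell out both the scope and the consequence, e.g. `// Not effective yet (no reverse taint flow support): taint held by a JSONWriter does not reach the writer passed to its constructor. Applies to the next row only.` A test expectation marked as a known missing result would keep the gap visible; whether the commit's second changed file already contains one cannot be seen on this page.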
