Java: Convert Google HTTP client API parseAs sink to CSV format

tamasvajk · tamasvajk · commit 3e53484bb3b9 · 2021-04-09T13:10:44.000+02:00
diff --git a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -76,6 +76,7 @@ private module Frameworks {
   private import semmle.code.java.frameworks.ApacheHttp
   private import semmle.code.java.frameworks.apache.Lang
   private import semmle.code.java.frameworks.guava.Guava
+  private import semmle.code.java.frameworks.google.GoogleHttpClientApi
   private import semmle.code.java.security.ResponseSplitting
   private import semmle.code.java.security.XSS
 }
diff --git a/java/ql/src/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll b/java/ql/src/semmle/code/java/frameworks/google/GoogleHttpClientApi.qll
@@ -2,14 +2,7 @@ import java
 import semmle.code.java.Serializability
 import semmle.code.java.dataflow.DataFlow
 import semmle.code.java.dataflow.DataFlow5
-
-/** The method `parseAs` in `com.google.api.client.http.HttpResponse`. */
-private class ParseAsMethod extends Method {
-  ParseAsMethod() {
-    this.getDeclaringType().hasQualifiedName("com.google.api.client.http", "HttpResponse") and
-    this.hasName("parseAs")
-  }
-}
+private import semmle.code.java.dataflow.ExternalFlow
 
 private class TypeLiteralToParseAsFlowConfiguration extends DataFlow5::Configuration {
   TypeLiteralToParseAsFlowConfiguration() {
@@ -18,16 +11,17 @@ private class TypeLiteralToParseAsFlowConfiguration extends DataFlow5::Configura
 
   override predicate isSource(DataFlow::Node source) { source.asExpr() instanceof TypeLiteral }
 
-  override predicate isSink(DataFlow::Node sink) {
-    exists(MethodAccess ma |
-      ma.getAnArgument() = sink.asExpr() and
-      ma.getMethod() instanceof ParseAsMethod
-    )
-  }
+  override predicate isSink(DataFlow::Node sink) { sinkNode(sink, "google-parse-as") }
 
   TypeLiteral getSourceWithFlowToParseAs() { hasFlow(DataFlow::exprNode(result), _) }
 }
 
+private class ParseAsSinkModel extends SinkModelCsv {
+  override predicate row(string row) {
+    row = ["com.google.api.client.http;HttpResponse;false;parseAs;;;Argument;google-parse-as"]
+  }
+}
+
 /** A field that is deserialized by `HttpResponse.parseAs`. */
 class HttpResponseParseAsDeserializableField extends DeserializableField {
   HttpResponseParseAsDeserializableField() {

Original file line number	Diff line number	Diff line change
`@@ -76,6 +76,7 @@ private module Frameworks {`
`76`	`76`	`private import semmle.code.java.frameworks.ApacheHttp`
`77`	`77`	`private import semmle.code.java.frameworks.apache.Lang`
`78`	`78`	`private import semmle.code.java.frameworks.guava.Guava`
	`79`	`+ private import semmle.code.java.frameworks.google.GoogleHttpClientApi`
`79`	`80`	`private import semmle.code.java.security.ResponseSplitting`
`80`	`81`	`private import semmle.code.java.security.XSS`
`81`	`82`	`}`