
Commit 40e513b

Added more taint propagation steps for InputStream and ByteBuffer
1 parent a4f3a5a commit 40e513b


1 file changed

+7
-0
lines changed


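--- a/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
+++ b/java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll
@@ -257,17 +257,22 @@ private predicate sinkModelCsv(string row) {
 ]
 }
 
+// TODO: add ByteBuffer
 private predicate summaryModelCsv(string row) {
 row =
 [
 // qualifier to arg
 "java.io;InputStream;true;read;(byte[]);;Argument[-1];Argument[0];taint",
 "java.io;InputStream;true;read;(byte[],int,int);;Argument[-1];Argument[0];taint",
+"java.io;InputStream;true;readNBytes;(byte[],int,int);;Argument[-1];Argument[0];taint",
+"java.io;InputStream;true;transferTo;(OutputStream);;Argument[-1];Argument[0];taint",
 "java.io;ByteArrayOutputStream;false;writeTo;;;Argument[-1];Argument[0];taint",
 "java.io;Reader;true;read;;;Argument[-1];Argument[0];taint",
 // qualifier to return
 "java.io;ByteArrayOutputStream;false;toByteArray;;;Argument[-1];ReturnValue;taint",
 "java.io;ByteArrayOutputStream;false;toString;;;Argument[-1];ReturnValue;taint",
+"java.io;InputStream;true;readAllBytes;;;Argument[-1];ReturnValue;taint",
+"java.io;InputStream;true;readNBytes;(int);;Argument[-1];ReturnValue;taint",
 "java.util;StringTokenizer;false;nextElement;();;Argument[-1];ReturnValue;taint",
 "java.util;StringTokenizer;false;nextToken;;;Argument[-1];ReturnValue;taint",
 "javax.xml.transform.sax;SAXSource;false;getInputSource;;;Argument[-1];ReturnValue;taint",
@@ -278,10 +283,12 @@ private predicate summaryModelCsv(string row) {
 "java.net;URI;false;toAsciiString;;;Argument[-1];ReturnValue;taint",
 "java.io;File;false;toURI;;;Argument[-1];ReturnValue;taint",
 "java.io;File;false;toPath;;;Argument[-1];ReturnValue;taint",
+"java.nio;ByteBuffer;false;array;();;Argument[-1];ReturnValue;taint",
 "java.nio.file;Path;false;toFile;;;Argument[-1];ReturnValue;taint",
 "java.io;BufferedReader;true;readLine;;;Argument[-1];ReturnValue;taint",
 "java.io;Reader;true;read;();;Argument[-1];ReturnValue;taint",
 // arg to return
+"java.nio;ByteBuffer;false;wrap;(byte[]);;Argument[0];ReturnValue;taint",
 "java.util;Base64$Encoder;false;encode;(byte[]);;Argument[0];ReturnValue;taint",
 "java.util;Base64$Encoder;false;encode;(ByteBuffer);;Argument[0];ReturnValue;taint",
 "java.util;Base64$Encoder;false;encodeToString;(byte[]);;Argument[0];ReturnValue;taint",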
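Review bot: The `// TODO: add ByteBuffer` comment added above `summaryModelCsv` is left open-ended even though this commit already models `ByteBuffer.array()` and `ByteBuffer.wrap(byte[])`, so a reader cannot tell which steps are still missing. The gaps visible from these rows are the `wrap(byte[],int,int)` overload and the bulk `get(byte[])` / `get(byte[],int,int)` reads; until they are modeled, tainted bytes that pass through a buffer on those paths drop out of the flow, and security queries relying on these summaries can miss results. I would either add the overload next to the new row, `"java.nio;ByteBuffer;false;wrap;(byte[],int,int);;Argument[0];ReturnValue;taint",`, or reword the comment to `// TODO: model remaining ByteBuffer steps: wrap(byte[],int,int), bulk get(byte[]) overloads, put, slice/duplicate`. The commit touches only this file, so the seven new rows appear to land without a library test exercising them; `summaryModelCsv` itself continues outside both hunks.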