Java: move most negative models to package.model.yml files

Jami Cogswell · Jami Cogswell · commit 4c590d119064 · 2022-12-15T00:24:41.000-05:00
diff --git a/java/ql/lib/ext/TopJdkApis.model.yml b/java/ql/lib/ext/TopJdkApis.model.yml
@@ -90,42 +90,47 @@ extensions:
       extensible: extNegativeSummaryModel
     data:
       # namespace; type; name; signature; provenance (5)
-      - ["java.util", "Objects", "equals", "(Object,Object)", "manual"]   # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Collection", "size", "()", "manual"]               # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Collections", "emptyList", "()", "manual"]         # UNSUPPORTED: just gives an emptylist
-      - ["java.util", "Iterator", "hasNext", "()", "manual"]              # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Set", "contains", "(Object)", "manual"]            # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Set", "size", "()", "manual"]                      # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Set", "isEmpty", "()", "manual"]                   # UNSUPPORTED: type as sanitizer
-      - ["java.util", "List", "size", "()", "manual"]                     # UNSUPPORTED: type as sanitizer
-      - ["java.util", "List", "contains", "(Object)", "manual"]           # UNSUPPORTED: type as sanitizer
-      - ["java.util", "List", "isEmpty", "()", "manual"]                  # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Map", "containsKey", "(Object)", "manual"]         # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Map", "size", "()", "manual"]                      # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Map", "isEmpty", "()", "manual"]                   # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Optional", "isPresent", "()", "manual"]            # UNSUPPORTED: type as sanitizer
-      - ["java.util", "Optional", "empty", "()", "manual"]                # UNSUPPORTED: just gives empty Optional instance
-      - ["java.util", "UUID", "randomUUID", "()", "manual"]               # UNSUPPORTED: just gives UUID, no flow
-      - ["java.util", "UUID", "toString", "()", "manual"]                 # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
-      - ["java.lang", "Object", "toString", "()", "manual"]               # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
-      - ["java.lang", "Object", "equals", "(Object)", "manual"]           # **COLLISION** (both supported and unsupported per initial telemetry query): type as sanitizer
-      - ["java.lang", "Object", "getClass", "()", "manual"]               # UNSUPPORTED: only returns the class of the object, no dataflow?
-      - ["java.lang", "Class", "getName", "()", "manual"]                 # UNSUPPORTED: just returns class name, no flow as far as I can tell
-      - ["java.lang", "Class", "getSimpleName", "()", "manual"]           # UNSUPPORTED: just returns class name, no flow as far as I can tell
-      - ["java.lang", "String", "equals", "(Object)", "manual"]           # **SUPPORTED**: should be negative per Michael, but "supported" according to telemetry results (Note: no obvious MaD row... look into further, has the model been removed recently?)
-      - ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"] # UNSUPPORTED: type as sanitizer
-      - ["java.lang", "String", "length", "()", "manual"]                 # UNSUPPORTED: negative per Michael
-      - ["java.lang", "String", "isEmpty", "()", "manual"]                # UNSUPPORTED: type as sanitizer
-      - ["java.lang", "String", "contains", "(CharSequence)", "manual"]   # UNSUPPORTED: type as sanitizer
-      - ["java.lang", "String", "startsWith", "(String)", "manual"]       # UNSUPPORTED: type as sanitizer
-      - ["java.lang", "Enum", "equals", "(Object)", "manual"]             # UNSUPPORTED: type as sanitizer
-      - ["java.lang", "Enum", "toString", "()", "manual"]                 # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
-      - ["java.lang", "System", "currentTimeMillis", "()", "manual"]      # UNSUPPORTED: just gives current time
-      - ["java.lang", "Enum", "Enum", "(String,int)", "manual"]           # UNSUPPORTED: per Javadocs, "Programmers cannot invoke this constructor."
-      - ["java.lang", "Enum", "name", "()", "manual"]                     # UNSUPPORTED: just gets name, no flow?, similar usage to toString() per Javadocs
-      - ["java.util.stream", "Collectors", "toList", "()", "manual"]      # UNSUPPORTED: shouldn't have a model per Anders
-      - ["java.lang", "String", "valueOf", "(Object)", "manual"]          # UNSUPPORTED: per Anders: "this is a complex case that we haven't fully decided how to deal with"
-      - ["java.util", "Objects", "hash", "(Object[])", "manual"]          # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
-      - ["java.lang", "Object", "hashCode", "()", "manual"]               # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
-      - ["java.lang", "String", "hashCode", "()", "manual"]               # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
+      # COMMENT OUT ONCE MOVED TO `<packagename>.model.yml` FILE
+      # - ["java.util", "Objects", "equals", "(Object,Object)", "manual"]   # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Collection", "size", "()", "manual"]               # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Collections", "emptyList", "()", "manual"]         # UNSUPPORTED: just gives an emptylist
+      # - ["java.util", "Iterator", "hasNext", "()", "manual"]              # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Set", "contains", "(Object)", "manual"]            # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Set", "size", "()", "manual"]                      # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Set", "isEmpty", "()", "manual"]                   # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "List", "size", "()", "manual"]                     # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "List", "contains", "(Object)", "manual"]           # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "List", "isEmpty", "()", "manual"]                  # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Map", "containsKey", "(Object)", "manual"]         # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Map", "size", "()", "manual"]                      # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Map", "isEmpty", "()", "manual"]                   # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Optional", "isPresent", "()", "manual"]            # UNSUPPORTED: type as sanitizer
+      # - ["java.util", "Optional", "empty", "()", "manual"]                # UNSUPPORTED: just gives empty Optional instance
+      # - ["java.util", "UUID", "randomUUID", "()", "manual"]               # UNSUPPORTED: just gives UUID, no flow
+      # - ["java.util", "UUID", "toString", "()", "manual"]                 # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
+      # - ["java.util", "Objects", "hash", "(Object[])", "manual"]          # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
+
+      # - ["java.util.stream", "Collectors", "toList", "()", "manual"]      # UNSUPPORTED: shouldn't have a model per Anders
+
+      # - ["java.lang", "Object", "toString", "()", "manual"]               # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
+      # - ["java.lang", "Object", "equals", "(Object)", "manual"]           # **COLLISION** (both supported and unsupported per initial telemetry query): type as sanitizer
+      # - ["java.lang", "Object", "getClass", "()", "manual"]               # UNSUPPORTED: only returns the class of the object, no dataflow?
+      # - ["java.lang", "Class", "getName", "()", "manual"]                 # UNSUPPORTED: just returns class name, no flow as far as I can tell
+      # - ["java.lang", "Class", "getSimpleName", "()", "manual"]           # UNSUPPORTED: just returns class name, no flow as far as I can tell
+      # - ["java.lang", "String", "equals", "(Object)", "manual"]           # **SUPPORTED**: should be negative per Michael, but "supported" according to telemetry results (Note: no obvious MaD row... look into further, has the model been removed recently?)
+      # - ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"] # UNSUPPORTED: type as sanitizer
+      # - ["java.lang", "String", "length", "()", "manual"]                 # UNSUPPORTED: negative per Michael
+      # - ["java.lang", "String", "isEmpty", "()", "manual"]                # UNSUPPORTED: type as sanitizer
+      # - ["java.lang", "String", "contains", "(CharSequence)", "manual"]   # UNSUPPORTED: type as sanitizer
+      # - ["java.lang", "String", "startsWith", "(String)", "manual"]       # UNSUPPORTED: type as sanitizer
+      # - ["java.lang", "Enum", "equals", "(Object)", "manual"]             # UNSUPPORTED: type as sanitizer
+      # - ["java.lang", "Enum", "toString", "()", "manual"]                 # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
+      # - ["java.lang", "System", "currentTimeMillis", "()", "manual"]      # UNSUPPORTED: just gives current time
+      # - ["java.lang", "Enum", "Enum", "(String,int)", "manual"]           # UNSUPPORTED: per Javadocs, "Programmers cannot invoke this constructor."
+      # - ["java.lang", "Enum", "name", "()", "manual"]                     # UNSUPPORTED: just gets name, no flow?, similar usage to toString() per Javadocs
+      # - ["java.lang", "Object", "hashCode", "()", "manual"]               # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
+      # - ["java.lang", "String", "hashCode", "()", "manual"]               # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
+
+      # Ask Tony:
       - ["java.lang", "Throwable", "printStackTrace", "()", "manual"]     # UNSUPPORTED: per Anders: "This should probably not be a general step, but there might be specialised queries that care."
+      - ["java.lang", "String", "valueOf", "(Object)", "manual"]          # UNSUPPORTED: per Anders: "this is a complex case that we haven't fully decided how to deal with"
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
@@ -86,3 +86,26 @@ extensions:
       - ["java.lang", "StringBuffer", True, "StringBuffer", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "StringBuilder", True, "StringBuilder", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.lang", "System", False, "arraycopy", "", "", "Argument[0]", "Argument[2]", "taint", "manual"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: extNegativeSummaryModel
+    data:
+      - ["java.lang", "Object", "toString", "()", "manual"]
+      - ["java.lang", "Object", "equals", "(Object)", "manual"]
+      - ["java.lang", "Object", "getClass", "()", "manual"]
+      - ["java.lang", "Class", "getName", "()", "manual"]
+      - ["java.lang", "Class", "getSimpleName", "()", "manual"]
+      - ["java.lang", "String", "equals", "(Object)", "manual"]
+      - ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
+      - ["java.lang", "String", "length", "()", "manual"]
+      - ["java.lang", "String", "isEmpty", "()", "manual"]
+      - ["java.lang", "String", "contains", "(CharSequence)", "manual"]
+      - ["java.lang", "String", "startsWith", "(String)", "manual"]
+      - ["java.lang", "Enum", "equals", "(Object)", "manual"]
+      - ["java.lang", "Enum", "toString", "()", "manual"]
+      - ["java.lang", "System", "currentTimeMillis", "()", "manual"]
+      - ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
+      - ["java.lang", "Enum", "name", "()", "manual"]
+      - ["java.lang", "Object", "hashCode", "()", "manual"]
+      - ["java.lang", "String", "hashCode", "()", "manual"]
diff --git a/java/ql/lib/ext/java.util.model.yml b/java/ql/lib/ext/java.util.model.yml
@@ -355,3 +355,26 @@ extensions:
       - ["java.util", "Vector", True, "setElementAt", "(Object,int)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
       - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapKey", "Argument[-1].MapKey", "value", "manual"]
       - ["java.util", "WeakHashMap", False, "WeakHashMap", "(Map)", "", "Argument[0].MapValue", "Argument[-1].MapValue", "value", "manual"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: extNegativeSummaryModel
+    data:
+      - ["java.util", "Objects", "equals", "(Object,Object)", "manual"]
+      - ["java.util", "Collection", "size", "()", "manual"]
+      - ["java.util", "Collections", "emptyList", "()", "manual"]
+      - ["java.util", "Iterator", "hasNext", "()", "manual"]
+      - ["java.util", "Set", "contains", "(Object)", "manual"]
+      - ["java.util", "Set", "size", "()", "manual"]
+      - ["java.util", "Set", "isEmpty", "()", "manual"]
+      - ["java.util", "List", "size", "()", "manual"]
+      - ["java.util", "List", "contains", "(Object)", "manual"]
+      - ["java.util", "List", "isEmpty", "()", "manual"]
+      - ["java.util", "Map", "containsKey", "(Object)", "manual"]
+      - ["java.util", "Map", "size", "()", "manual"]
+      - ["java.util", "Map", "isEmpty", "()", "manual"]
+      - ["java.util", "Optional", "isPresent", "()", "manual"]
+      - ["java.util", "Optional", "empty", "()", "manual"]
+      - ["java.util", "UUID", "randomUUID", "()", "manual"]
+      - ["java.util", "UUID", "toString", "()", "manual"]
+      - ["java.util", "Objects", "hash", "(Object[])", "manual"]
diff --git a/java/ql/lib/ext/java.util.stream.model.yml b/java/ql/lib/ext/java.util.stream.model.yml
@@ -87,3 +87,9 @@ extensions:
       - ["java.util.stream", "Stream", True, "takeWhile", "(Predicate)", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
       - ["java.util.stream", "Stream", True, "toArray", "", "", "Argument[-1].Element", "ReturnValue.ArrayElement", "value", "manual"]
       - ["java.util.stream", "Stream", True, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: extNegativeSummaryModel
+    data:
+      - ["java.util.stream", "Collectors", "toList", "()", "manual"]
