
Commit 753c878

committed
Also cover jakarta version of javax.json, and some missed methods
1 parent ba5dc3c commit 753c878

38 files changed

+2743
-332
lines changed

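--- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
@@ -8,55 +8,103 @@ private import semmle.code.java.dataflow.ExternalFlow
 private class FlowSummaries extends SummaryModelCsv {
 override predicate row(string row) {
 row =
-[
-"javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
-"javax.json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value",
-"javax.json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArray;false;getString;;;Argument[1];ReturnValue;value",
-"javax.json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value",
-"javax.json;JsonArrayBuilder;false;add;;;Argument[0];Argument[-1];taint",
-"javax.json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
-"javax.json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value",
-"javax.json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value",
-"javax.json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonObject;false;getString;;;Argument[1];ReturnValue;value",
-"javax.json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value",
-"javax.json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint",
-"javax.json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
-"javax.json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint",
-"javax.json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonValue;false;toString;;;Argument[-1];ReturnValue;taint",
-"javax.json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint",
-"javax.json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint",
-"javax.json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint",
-"javax.json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint"
-]
+["javax", "jakarta"] + ".json;" +
+[
+"Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint",
+"Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint",
+"Json;false;createDiff;;;Argument[0..1];ReturnValue;taint",
+"Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint",
+"Json;false;createMergePatch;;;Argument[0];ReturnValue;taint",
+"Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint",
+"Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint",
+"Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint",
+"Json;false;createPatch;;;Argument[0];ReturnValue;taint",
+"Json;false;createReader;;;Argument[0];ReturnValue;taint",
+"Json;false;createWriter;;;Argument[0];ReturnValue;taint",
+"JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
+"JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getInt;;;Argument[1];ReturnValue;value",
+"JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getString;;;Argument[-1];ReturnValue;taint",
+"JsonArray;false;getString;;;Argument[1];ReturnValue;value",
+"JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint",
+"JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value",
+"JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint",
+"JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
+"JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
+"JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+"JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value",
+"JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint",
+"JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value",
+"JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value",
+"JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint",
+"JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value",
+"JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getInt;;;Argument[1];ReturnValue;value",
+"JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getString;;;Argument[-1];ReturnValue;taint",
+"JsonObject;false;getString;;;Argument[1];ReturnValue;value",
+"JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value",
+"JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint",
+"JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value",
+"JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
+"JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
+"JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
+"JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint",
+"JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint",
+"JsonPatch;false;apply;;;Argument[0];ReturnValue;taint",
+"JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint",
+"JsonReader;false;read;;;Argument[-1];ReturnValue;taint",
+"JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint",
+"JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint",
+"JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint",
+"JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint",
+"JsonString;false;getChars;;;Argument[-1];ReturnValue;taint",
+"JsonString;false;getString;;;Argument[-1];ReturnValue;taint",
+"JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint",
+"JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint",
+"JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint",
+"JsonValue;true;toString;;;Argument[-1];ReturnValue;taint",
+"JsonWriter;false;write;;;Argument[0];Argument[-1];taint",
+"JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint",
+"JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint",
+"JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint"
+]
 }
 }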
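Review bot: The added row `"JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value"` (new line 85) models the argument builder as being the returned object, which disagrees with the `JsonArrayBuilder;false;addAll` row earlier in the same list (`Argument[0];Argument[-1];taint`) and with the very next row, which says the return value is the receiver. If `addAll` copies the argument's entries into the receiver, the row should read `"JsonObjectBuilder;false;addAll;;;Argument[0];Argument[-1];taint",`. As written, a non-fluent use where the builder is filled by `addAll` and then `build()` is called on the original variable would presumably lose the taint, so queries that depend on this model could miss flows through untrusted JSON. `JsonObjectBuilder` also has no `remove` row although `JsonArrayBuilder` gained one here; if that is deliberate, a short comment would make it clear.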
