
Commit 78fe0f8

committed
Add models for decode/encodePointer methods
1 parent 2bd58d6 commit 78fe0f8


2 files changed

+30
-0
lines changed


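--- a/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JavaxJson.qll
@@ -24,6 +24,8 @@ private class FlowSummaries extends SummaryModelCsv {
 ".json;Json;false;createReader;;;Argument[0];ReturnValue;taint",
 ".json;Json;false;createValue;;;Argument[0];ReturnValue;taint",
 ".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint",
+".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint",
+".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint",
 ".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
 ".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
 ".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",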
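Review bot: The added `decodePointer` and `encodePointer` rows (new lines 27–28) carry no explanation of why they are modelled as taint steps rather than as value steps or barriers, and a short comment above them would help later maintainers. Both methods apply RFC 6901 JSON Pointer escaping, which only rewrites `~` and `/` (to `~0` and `~1`) and, as far as the API documents, does not validate the input, so the result stays attacker-controlled for injection-style sinks. I would add `// RFC 6901 escaping only (~ and /); not a sanitizer, so taint is preserved` before the two rows. The enclosing list in FlowSummaries starts and ends outside the hunk, and the package prefix joined to `.json` is not visible here.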

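--- a/java/ql/test/library-tests/frameworks/javax-json/Test.java
+++ b/java/ql/test/library-tests/frameworks/javax-json/Test.java
@@ -223,6 +223,20 @@ public void test() {
 out = jakarta.json.Json.createWriter(in);
 sink(out); // $hasTaintFlow
 }
+{
+// "jakarta.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint"
+String out = null;
+String in = (String)source();
+out = jakarta.json.Json.decodePointer(in);
+sink(out); // $hasTaintFlow
+}
+{
+// "jakarta.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint"
+String out = null;
+String in = (String)source();
+out = jakarta.json.Json.encodePointer(in);
+sink(out); // $hasTaintFlow
+}
 {
 // "jakarta.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint"
 boolean out = false;
@@ -1934,6 +1948,20 @@ public void test() {
 out = javax.json.Json.createWriter(in);
 sink(out); // $hasTaintFlow
 }
+{
+// "javax.json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint"
+String out = null;
+String in = (String)source();
+out = javax.json.Json.decodePointer(in);
+sink(out); // $hasTaintFlow
+}
+{
+// "javax.json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint"
+String out = null;
+String in = (String)source();
+out = javax.json.Json.encodePointer(in);
+sink(out); // $hasTaintFlow
+}
 {
 // "javax.json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint"
 boolean out = false;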
