Java: add comments

Jami Cogswell · Jami Cogswell · commit 939279af3844 · 2022-12-22T16:25:12.000-05:00
diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml
@@ -91,4 +91,4 @@ extensions:
       extensible: neutralModel
     data:
       - ["java.io", "File", "exists", "()", "manual"]
-      - ["java.io", "File", "getName", "()", "manual"]  # ! might need to double-check this one
+      - ["java.io", "File", "getName", "()", "manual"]  # ! unsure if should be neutral model
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
@@ -62,7 +62,7 @@ extensions:
       - ["java.lang", "String", False, "concat", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.lang", "String", False, "concat", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.lang", "String", False, "copyValueOf", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["java.lang", "String", False, "endsWith", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.lang", "String", False, "endsWith", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! why is this a summary model and not a neutral model instead? it returns a boolean
       - ["java.lang", "String", False, "format", "(Locale,String,Object[])", "", "Argument[1]", "ReturnValue", "taint", "manual"]
       - ["java.lang", "String", False, "format", "(Locale,String,Object[])", "", "Argument[2].ArrayElement", "ReturnValue", "taint", "manual"]
       - ["java.lang", "String", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -113,7 +113,7 @@ extensions:
     data:
       - ["java.lang", "AbstractStringBuilder", "length", "()", "manual"]
       - ["java.lang", "Boolean", "equals", "(Object)", "manual"]
-      - ["java.lang", "Class", "getClassLoader", "()", "manual"] # ! might need to double-check this one
+      - ["java.lang", "Class", "getClassLoader", "()", "manual"] # ! unsure if should be neutral model
       - ["java.lang", "Class", "getName", "()", "manual"]
       - ["java.lang", "Class", "getSimpleName", "()", "manual"]
       - ["java.lang", "Class", "isAssignableFrom", "(Class)", "manual"]
@@ -127,16 +127,16 @@ extensions:
       - ["java.lang", "Object", "hashCode", "()", "manual"]
       - ["java.lang", "Object", "toString", "()", "manual"]
       - ["java.lang", "String", "contains", "(CharSequence)", "manual"]
-      - ["java.lang", "String", "endsWith", "(String)", "manual"]
+      - ["java.lang", "String", "endsWith", "(String)", "manual"] # ! unsure if should be neutral model since already modeled as a summary above
       - ["java.lang", "String", "equals", "(Object)", "manual"]
       - ["java.lang", "String", "equalsIgnoreCase", "(String)", "manual"]
       - ["java.lang", "String", "hashCode", "()", "manual"]
-      - ["java.lang", "String", "indexOf", "(String)", "manual"]
+      - ["java.lang", "String", "indexOf", "(String)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
       - ["java.lang", "String", "isEmpty", "()", "manual"]
       - ["java.lang", "String", "length", "()", "manual"]
       - ["java.lang", "String", "startsWith", "(String)", "manual"]
       - ["java.lang", "System", "currentTimeMillis", "()", "manual"]
-      - ["java.lang", "System", "getProperty", "(String)", "manual"]
+      - ["java.lang", "System", "getProperty", "(String)", "manual"] # ! unsure if should be neutral model
       - ["java.lang", "System", "nanoTime", "()", "manual"]
       - ["java.lang", "Thread", "currentThread", "()", "manual"]
-      - ["java.lang", "Thread", "sleep", "(long)", "manual"]
+      - ["java.lang", "Thread", "sleep", "(long)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
diff --git a/java/ql/lib/ext/java.math.model.yml b/java/ql/lib/ext/java.math.model.yml
@@ -5,7 +5,7 @@ extensions:
     data:
       - ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.math", "BigDecimal", False, "valueOf", "(double)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["java.math", "BigDecimal", False, "valueOf", "(long)", "", "Argument[0]", "ReturnValue", "taint", "manual"]   # ! consider making this signatureless and merging with the above line instead
+      - ["java.math", "BigDecimal", False, "valueOf", "(long)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.lang", "Math", False, "min", "(int,int)", "", "Argument[0..1]", "ReturnValue", "value", "manual"]
 
   - addsTo:
diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml
@@ -28,4 +28,4 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
-      - ["java.sql", "ResultSet", "next", "()", "manual"]
+      - ["java.sql", "ResultSet", "next", "()", "manual"] # ! unsure if should be neutral model
diff --git a/java/ql/lib/ext/java.text.model.yml b/java/ql/lib/ext/java.text.model.yml
@@ -3,5 +3,5 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
-      - ["java.text", "DateFormat", "format", "(Date)", "manual"]
-      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"]
+      - ["java.text", "DateFormat", "format", "(Date)", "manual"]  # ! unsure if should be neutral model, is flow through the param interesting in this case?
+      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "manual"]  # ! unsure if should be neutral model, is flow through the param interesting in this case?
diff --git a/java/ql/lib/ext/java.time.model.yml b/java/ql/lib/ext/java.time.model.yml
@@ -4,5 +4,5 @@ extensions:
       extensible: neutralModel
     data:
       - ["java.time", "Instant", "now", "()", "manual"]
-      - ["java.time", "LocalDate", "of", "(int,int,int)", "manual"]
+      - ["java.time", "LocalDate", "of", "(int,int,int)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
       - ["java.time", "ZonedDateTime", "now", "()", "manual"]
diff --git a/java/ql/lib/ext/java.util.function.model.yml b/java/ql/lib/ext/java.util.function.model.yml
@@ -9,11 +9,11 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
-      - ["java.util.function", "Function", True, "apply", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["java.util.function", "Function", True, "apply", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! unsure if should be added as a MaD model and if model is correct
       - ["java.util.function", "Supplier", False, "get", "()", "", "Argument[-1]", "ReturnValue", "value", "manual"]
 
   - addsTo:
       pack: codeql/java-all
       extensible: neutralModel
     data:
-      - ["java.util.function", "Consumer", "accept", "(Object)", "manual"]
+      - ["java.util.function", "Consumer", "accept", "(Object)", "manual"] # ! unsure if should be neutral model
diff --git a/java/ql/lib/ext/java.util.model.yml b/java/ql/lib/ext/java.util.model.yml
@@ -369,7 +369,7 @@ extensions:
       - ["java.util", "Collections", "emptyList", "()", "manual"]
       - ["java.util", "Collections", "emptyMap", "()", "manual"]
       - ["java.util", "Collections", "emptySet", "()", "manual"]
-      - ["java.util", "Date", "Date", "(long)", "manual"]
+      - ["java.util", "Date", "Date", "(long)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
       - ["java.util", "Date", "getTime", "()", "manual"]
       - ["java.util", "Iterator", "hasNext", "()", "manual"]
       - ["java.util", "List", "clear", "()", "manual"]
diff --git a/java/ql/lib/ext/java.util.stream.model.yml b/java/ql/lib/ext/java.util.stream.model.yml
@@ -92,7 +92,7 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
-      - ["java.util.stream", "Collectors", "joining", "(CharSequence)", "manual"]
+      - ["java.util.stream", "Collectors", "joining", "(CharSequence)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
       - ["java.util.stream", "Collectors", "toList", "()", "manual"]
-      - ["java.util.stream", "Collectors", "toMap", "(Function,Function)", "manual"]
+      - ["java.util.stream", "Collectors", "toMap", "(Function,Function)", "manual"] # ! unsure if should be neutral model, is flow through the param interesting in this case?
       - ["java.util.stream", "Collectors", "toSet", "()", "manual"]
