You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: java/ql/lib/ext/TopJdkApis.model.yml
+15-17Lines changed: 15 additions & 17 deletions
Original file line number
Diff line number
Diff line change
@@ -45,7 +45,7 @@ extensions:
45
45
- ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 45
46
46
- ["java.util.stream", "Stream", True, "map", "(Function)", "", "Argument[0].ReturnValue", "ReturnValue.Element", "value", "manual"] # SUPPORTED: already modelled in java.util.stream.model.yml at line 46
47
47
- ["java.util.stream", "Stream", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED (extra one from Michael's list): already modelled in java.util.stream.model.yml at line 33
48
-
# - ["java.util.stream", "Stream", True, "collect", "(Collector)", "", "", "", "value", "manual"] # **UNSUPPORTED**: noted in java.util.stream.model.yml at line 19 that "collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD" (Note: look into if/how this is ever handled)
48
+
# - ["java.util.stream", "Stream", True, "collect", "(Collector)", "", "", "", "value", "manual"] # **UNSUPPORTED**: noted in java.util.stream.model.yml at line 19 that "collect(Collector<T,A,R> collector) is handled separately on a case-by-case basis as it is too complex for MaD"
49
49
- ["java.lang", "Iterable", True, "forEach", "(Consumer)", "", "Argument[-1].Element", "Argument[0].Parameter[0]", "value", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 40
50
50
- ["java.lang", "String", False, "trim", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 81, but no signature specified in existing model
51
51
- ["java.lang", "String", False, "substring", "(int,int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # SUPPORTED: already modelled in java.lang.model.yml at line 75, but no signature specified in existing model
@@ -71,18 +71,19 @@ extensions:
71
71
- ["java.io", "PrintWriter", False, "write", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row, modelled by Writer.write in java.io.model.yml at line 86 through subtyping
72
72
- ["java.nio.file", "Path", True, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **COLLISION** (both supported and unsupported per initial telemetry query): already modelled in java.nio.file.model.yml at line 29, but no signature specified in existing model
73
73
- ["java.math", "BigDecimal", False, "BigDecimal", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # SUPPORTED: no MaD row or regular CodeQL model that I can find... (Note: check for existing model again)
74
+
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: already modelled in java.lang.model.yml at lines 82-84 for other signatures (Tony wants this one)
75
+
- ["java.lang", "String", False, "charAt", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: per Anders: "We may want this as a general model, and we've discussed it before without a clear-cut answer, I believe."
76
+
- ["java.lang", "StringBuilder", "toString", "()", "manual"] # **SUPPORTED**: Tony said to keep as positive; modelled in java.lang.model.yml at line 34 through AbstractStringBuilder.toString subtyping
77
+
- ["java.lang", "Throwable", "getMessage", "()", "", "manual"] # **UNSUPPORTED**: per Anders: "This should likely have a model, but as mentioned above, it's not really relevant yet."
78
+
- ["java.sql", "ResultSet", "getString", "(String)", "", "manual"] # **UNSUPPORTED**: similar to toString()? per Anders: "It looks like something that probably ought to have a model."
74
79
75
-
# MAYBE Positive models (not sure about these):
76
-
- ["java.lang", "String", False, "valueOf", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: already modelled in java.lang.model.yml at lines 82-84 for other signatures, this exact signature is not modelled, is there a reason to exclude it?
77
-
- ["java.lang", "String", False, "valueOf", "(int)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: already modelled in java.lang.model.yml at lines 82-84 for other signatures, this exact signature is not modelled, is there a reason to exclude it?
78
-
- ["java.lang", "String", False, "charAt", "(int)", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # **UNSUPPORTED**: flow from String to returned char value?, is only getting a char back not considered interesting flow?
80
+
# Exception modelling, add more detailed field flow per Anders:
79
81
- ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from Throwable arg to new Throwable object?
80
82
- ["java.lang", "RuntimeException", False, "RuntimeException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
81
83
- ["java.lang", "RuntimeException", False, "RuntimeException", "(Throwable)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new RuntimeException object?
82
84
- ["java.lang", "IllegalArgumentException", False, "IllegalArgumentException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new IllegalArgumentException object?
83
85
- ["java.lang", "IllegalStateException", False, "IllegalStateException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new IllegalStateException object?
84
86
- ["java.lang", "UnsupportedOperationException", False, "UnsupportedOperationException", "(String)", "", "Argument[0]", "Argument[-1]", "value", "manual"] # **UNSUPPORTED**: flow from arg to new UnsupportedOperationException object?
85
-
- ["java.util.stream", "Collectors", False, "toList", "()", "", "Argument[-1].Element", "ReturnValue.Element", "value", "manual"] # **UNSUPPORTED**: seems to have flow from input elements into a Collector->List?, is this too complex for MaD like Stream.collect(Collector)?
86
87
87
88
- addsTo:
88
89
pack: codeql/java-all
@@ -117,17 +118,14 @@ extensions:
117
118
- ["java.lang", "String", "isEmpty", "()", "manual"] # UNSUPPORTED: type as sanitizer
118
119
- ["java.lang", "String", "contains", "(CharSequence)", "manual"] # UNSUPPORTED: type as sanitizer
119
120
- ["java.lang", "String", "startsWith", "(String)", "manual"] # UNSUPPORTED: type as sanitizer
120
-
- ["java.lang", "StringBuilder", "toString", "()", "manual"] # **SUPPORTED**: shouldn't model due to causing problems with dataflow?, unless it's fine with StringBuilder? (Note: modelled in java.lang.model.yml at line 34 through AbstractStringBuilder.toString subtyping)
121
121
- ["java.lang", "Enum", "equals", "(Object)", "manual"] # UNSUPPORTED: type as sanitizer
122
122
- ["java.lang", "Enum", "toString", "()", "manual"] # UNSUPPORTED: shouldn't model due to causing problems with dataflow?
123
123
- ["java.lang", "System", "currentTimeMillis", "()", "manual"] # UNSUPPORTED: just gives current time
124
-
- ["java.lang", "Enum", "Enum", "(String,int)", "", "manual"] # UNSUPPORTED: per Javadocs, "Programmers cannot invoke this constructor."
125
-
- ["java.lang", "Enum", "name", "()", "", "manual"] # UNSUPPORTED: just gets name, no flow?, similar usage to toString() per Javadocs
126
-
127
-
# MAYBE Negative models (not sure about these):
128
-
- ["java.util", "Objects", "hash", "(Object[])", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value?
129
-
- ["java.lang", "Object", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value?
130
-
- ["java.lang", "String", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value?
131
-
- ["java.lang", "Throwable", "printStackTrace", "()", "manual"] # UNSUPPORTED: only print stacktrace, no flow? (or flow from Throwable to its printed stacktrace??)
132
-
- ["java.lang", "Throwable", "getMessage", "()", "", "manual"] # UNSUPPORTED: only get message, no flow? (or flow from Throwable to its message??)
133
-
- ["java.sql", "ResultSet", "getString", "(String)", "", "manual"] # UNSUPPORTED: similar to toString()?
124
+
- ["java.lang", "Enum", "Enum", "(String,int)", "manual"] # UNSUPPORTED: per Javadocs, "Programmers cannot invoke this constructor."
125
+
- ["java.lang", "Enum", "name", "()", "manual"] # UNSUPPORTED: just gets name, no flow?, similar usage to toString() per Javadocs
126
+
- ["java.util.stream", "Collectors", "toList", "()", "manual"] # UNSUPPORTED: shouldn't have a model per Anders
127
+
- ["java.lang", "String", "valueOf", "(Object)", "manual"] # UNSUPPORTED: per Anders: "this is a complex case that we haven't fully decided how to deal with"
128
+
- ["java.util", "Objects", "hash", "(Object[])", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
129
+
- ["java.lang", "Object", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
130
+
- ["java.lang", "String", "hashCode", "()", "manual"] # UNSUPPORTED: do we care about controlling the hashcode value? - no per Anders
131
+
- ["java.lang", "Throwable", "printStackTrace", "()", "manual"] # UNSUPPORTED: per Anders: "This should probably not be a general step, but there might be specialised queries that care."
0 commit comments