Skip to content

Commit c32a75a

Browse files
aschackmullaschackmull
authored
Merge pull request github#6183 from smowton/smowton/feature/javax-json-models
Add models of the jakarta/javax.json package
2 parents 6de31f8 + 78fe0f8 commit c32a75a

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

53 files changed

+4774
-0
lines changed

java/change-notes/2021-06-29-javax-json-models.md

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,2 @@
1+
lgtm,codescanning
2+
* Added models of `javax.json` classes and methods. This may lead to more results where tracking tainted dataflow across JSON encoding or decoding is needed to diagnose a security or other issue.

java/ql/src/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -83,6 +83,7 @@ private module Frameworks {
8383
private import semmle.code.java.frameworks.apache.Lang
8484
private import semmle.code.java.frameworks.guava.Guava
8585
private import semmle.code.java.frameworks.jackson.JacksonSerializability
86+
private import semmle.code.java.frameworks.JavaxJson
8687
private import semmle.code.java.frameworks.JaxWS
8788
private import semmle.code.java.frameworks.Optional
8889
private import semmle.code.java.frameworks.spring.SpringCache

java/ql/src/semmle/code/java/frameworks/JavaxJson.qll

Lines changed: 138 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,138 @@
1+
/**
2+
* Provides models for the `javax.json` and `jakarta.json` packages.
3+
*/
4+
5+
import java
6+
private import semmle.code.java.dataflow.ExternalFlow
7+
8+
private class FlowSummaries extends SummaryModelCsv {
9+
override predicate row(string row) {
10+
row =
11+
["javax", "jakarta"] +
12+
[
13+
".json;Json;false;createArrayBuilder;(JsonArray);;Argument[0];ReturnValue;taint",
14+
".json;Json;false;createArrayBuilder;(Collection);;Element of Argument[0];ReturnValue;taint",
15+
".json;Json;false;createDiff;;;Argument[0..1];ReturnValue;taint",
16+
".json;Json;false;createMergeDiff;;;Argument[0..1];ReturnValue;taint",
17+
".json;Json;false;createMergePatch;;;Argument[0];ReturnValue;taint",
18+
".json;Json;false;createObjectBuilder;(JsonObject);;Argument[0];ReturnValue;taint",
19+
".json;Json;false;createObjectBuilder;(Map);;MapKey of Argument[0];ReturnValue;taint",
20+
".json;Json;false;createObjectBuilder;(Map);;MapValue of Argument[0];ReturnValue;taint",
21+
".json;Json;false;createPatch;;;Argument[0];ReturnValue;taint",
22+
".json;Json;false;createPatchBuilder;;;Argument[0];ReturnValue;taint",
23+
".json;Json;false;createPointer;;;Argument[0];ReturnValue;taint",
24+
".json;Json;false;createReader;;;Argument[0];ReturnValue;taint",
25+
".json;Json;false;createValue;;;Argument[0];ReturnValue;taint",
26+
".json;Json;false;createWriter;;;Argument[0];ReturnValue;taint",
27+
".json;Json;false;decodePointer;;;Argument[0];ReturnValue;taint",
28+
".json;Json;false;encodePointer;;;Argument[0];ReturnValue;taint",
29+
".json;JsonArray;false;getBoolean;;;Argument[-1];ReturnValue;taint",
30+
".json;JsonArray;false;getBoolean;;;Argument[1];ReturnValue;value",
31+
".json;JsonArray;false;getInt;;;Argument[-1];ReturnValue;taint",
32+
".json;JsonArray;false;getInt;;;Argument[1];ReturnValue;value",
33+
".json;JsonArray;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
34+
".json;JsonArray;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
35+
".json;JsonArray;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
36+
".json;JsonArray;false;getJsonString;;;Argument[-1];ReturnValue;taint",
37+
".json;JsonArray;false;getString;;;Argument[-1];ReturnValue;taint",
38+
".json;JsonArray;false;getString;;;Argument[1];ReturnValue;value",
39+
".json;JsonArray;false;getValuesAs;;;Argument[-1];ReturnValue;taint",
40+
".json;JsonArrayBuilder;false;add;;;Argument[-1];ReturnValue;value",
41+
".json;JsonArrayBuilder;false;add;(boolean);;Argument[0];Argument[-1];taint",
42+
".json;JsonArrayBuilder;false;add;(double);;Argument[0];Argument[-1];taint",
43+
".json;JsonArrayBuilder;false;add;(int);;Argument[0];Argument[-1];taint",
44+
".json;JsonArrayBuilder;false;add;(long);;Argument[0];Argument[-1];taint",
45+
".json;JsonArrayBuilder;false;add;(JsonArrayBuilder);;Argument[0];Argument[-1];taint",
46+
".json;JsonArrayBuilder;false;add;(JsonObjectBuilder);;Argument[0];Argument[-1];taint",
47+
".json;JsonArrayBuilder;false;add;(JsonValue);;Argument[0];Argument[-1];taint",
48+
".json;JsonArrayBuilder;false;add;(String);;Argument[0];Argument[-1];taint",
49+
".json;JsonArrayBuilder;false;add;(BigDecimal);;Argument[0];Argument[-1];taint",
50+
".json;JsonArrayBuilder;false;add;(BigInteger);;Argument[0];Argument[-1];taint",
51+
".json;JsonArrayBuilder;false;add;(int,boolean);;Argument[1];Argument[-1];taint",
52+
".json;JsonArrayBuilder;false;add;(int,double);;Argument[1];Argument[-1];taint",
53+
".json;JsonArrayBuilder;false;add;(int,int);;Argument[1];Argument[-1];taint",
54+
".json;JsonArrayBuilder;false;add;(int,long);;Argument[1];Argument[-1];taint",
55+
".json;JsonArrayBuilder;false;add;(int,JsonArrayBuilder);;Argument[1];Argument[-1];taint",
56+
".json;JsonArrayBuilder;false;add;(int,JsonObjectBuilder);;Argument[1];Argument[-1];taint",
57+
".json;JsonArrayBuilder;false;add;(int,JsonValue);;Argument[1];Argument[-1];taint",
58+
".json;JsonArrayBuilder;false;add;(int,String);;Argument[1];Argument[-1];taint",
59+
".json;JsonArrayBuilder;false;add;(int,BigDecimal);;Argument[1];Argument[-1];taint",
60+
".json;JsonArrayBuilder;false;add;(int,BigInteger);;Argument[1];Argument[-1];taint",
61+
".json;JsonArrayBuilder;false;addAll;;;Argument[0];Argument[-1];taint",
62+
".json;JsonArrayBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
63+
".json;JsonArrayBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
64+
".json;JsonArrayBuilder;false;build;;;Argument[-1];ReturnValue;taint",
65+
".json;JsonArrayBuilder;false;remove;;;Argument[-1];ReturnValue;value",
66+
".json;JsonArrayBuilder;false;set;;;Argument[1];Argument[-1];taint",
67+
".json;JsonArrayBuilder;false;set;;;Argument[-1];ReturnValue;value",
68+
".json;JsonArrayBuilder;false;setNull;;;Argument[-1];ReturnValue;value",
69+
".json;JsonMergePatch;false;apply;;;Argument[-1];ReturnValue;taint",
70+
".json;JsonMergePatch;false;apply;;;Argument[0];ReturnValue;taint",
71+
".json;JsonMergePatch;false;toJsonValue;;;Argument[-1];ReturnValue;taint",
72+
".json;JsonNumber;false;bigDecimalValue;;;Argument[-1];ReturnValue;taint",
73+
".json;JsonNumber;false;bigIntegerValue;;;Argument[-1];ReturnValue;taint",
74+
".json;JsonNumber;false;bigIntegerValueExact;;;Argument[-1];ReturnValue;taint",
75+
".json;JsonNumber;false;doubleValue;;;Argument[-1];ReturnValue;taint",
76+
".json;JsonNumber;false;intValue;;;Argument[-1];ReturnValue;taint",
77+
".json;JsonNumber;false;intValueExact;;;Argument[-1];ReturnValue;taint",
78+
".json;JsonNumber;false;longValue;;;Argument[-1];ReturnValue;taint",
79+
".json;JsonNumber;false;longValueExact;;;Argument[-1];ReturnValue;taint",
80+
".json;JsonNumber;false;numberValue;;;Argument[-1];ReturnValue;taint",
81+
".json;JsonObject;false;getBoolean;;;Argument[-1];ReturnValue;taint",
82+
".json;JsonObject;false;getBoolean;;;Argument[1];ReturnValue;value",
83+
".json;JsonObject;false;getInt;;;Argument[-1];ReturnValue;taint",
84+
".json;JsonObject;false;getInt;;;Argument[1];ReturnValue;value",
85+
".json;JsonObject;false;getJsonArray;;;Argument[-1];ReturnValue;taint",
86+
".json;JsonObject;false;getJsonNumber;;;Argument[-1];ReturnValue;taint",
87+
".json;JsonObject;false;getJsonObject;;;Argument[-1];ReturnValue;taint",
88+
".json;JsonObject;false;getJsonString;;;Argument[-1];ReturnValue;taint",
89+
".json;JsonObject;false;getString;;;Argument[-1];ReturnValue;taint",
90+
".json;JsonObject;false;getString;;;Argument[1];ReturnValue;value",
91+
".json;JsonObjectBuilder;false;add;;;Argument[-1];ReturnValue;value",
92+
".json;JsonObjectBuilder;false;add;;;Argument[1];Argument[-1];taint",
93+
".json;JsonObjectBuilder;false;addAll;;;Argument[0];ReturnValue;value",
94+
".json;JsonObjectBuilder;false;addAll;;;Argument[-1];ReturnValue;value",
95+
".json;JsonObjectBuilder;false;addNull;;;Argument[-1];ReturnValue;value",
96+
".json;JsonObjectBuilder;false;build;;;Argument[-1];ReturnValue;taint",
97+
".json;JsonObjectBuilder;false;remove;;;Argument[-1];ReturnValue;value",
98+
".json;JsonPatch;false;apply;;;Argument[-1];ReturnValue;taint",
99+
".json;JsonPatch;false;apply;;;Argument[0];ReturnValue;taint",
100+
".json;JsonPatch;false;toJsonArray;;;Argument[-1];ReturnValue;taint",
101+
".json;JsonPatchBuilder;false;add;;;Argument[0..1];ReturnValue;taint",
102+
".json;JsonPatchBuilder;false;add;;;Argument[-1];ReturnValue;value",
103+
".json;JsonPatchBuilder;false;build;;;Argument[-1];ReturnValue;taint",
104+
".json;JsonPatchBuilder;false;copy;;;Argument[0..1];ReturnValue;taint",
105+
".json;JsonPatchBuilder;false;copy;;;Argument[-1];ReturnValue;value",
106+
".json;JsonPatchBuilder;false;move;;;Argument[0..1];ReturnValue;taint",
107+
".json;JsonPatchBuilder;false;move;;;Argument[-1];ReturnValue;value",
108+
".json;JsonPatchBuilder;false;remove;;;Argument[0];ReturnValue;taint",
109+
".json;JsonPatchBuilder;false;remove;;;Argument[-1];ReturnValue;value",
110+
".json;JsonPatchBuilder;false;replace;;;Argument[0..1];ReturnValue;taint",
111+
".json;JsonPatchBuilder;false;replace;;;Argument[-1];ReturnValue;value",
112+
".json;JsonPatchBuilder;false;test;;;Argument[0..1];ReturnValue;taint",
113+
".json;JsonPatchBuilder;false;test;;;Argument[-1];ReturnValue;value",
114+
".json;JsonPointer;false;add;;;Argument[-1];ReturnValue;taint",
115+
".json;JsonPointer;false;add;;;Argument[0..1];ReturnValue;taint",
116+
".json;JsonPointer;false;getValue;;;Argument[0];ReturnValue;taint",
117+
".json;JsonPointer;false;remove;;;Argument[0];ReturnValue;taint",
118+
".json;JsonPointer;false;replace;;;Argument[0..1];ReturnValue;taint",
119+
".json;JsonPointer;false;toString;;;Argument[-1];ReturnValue;taint",
120+
".json;JsonReader;false;read;;;Argument[-1];ReturnValue;taint",
121+
".json;JsonReader;false;readArray;;;Argument[-1];ReturnValue;taint",
122+
".json;JsonReader;false;readObject;;;Argument[-1];ReturnValue;taint",
123+
".json;JsonReader;false;readValue;;;Argument[-1];ReturnValue;taint",
124+
".json;JsonReaderFactory;false;createReader;;;Argument[0];ReturnValue;taint",
125+
".json;JsonString;false;getChars;;;Argument[-1];ReturnValue;taint",
126+
".json;JsonString;false;getString;;;Argument[-1];ReturnValue;taint",
127+
".json;JsonStructure;true;getValue;;;Argument[-1];ReturnValue;taint",
128+
".json;JsonValue;true;asJsonArray;;;Argument[-1];ReturnValue;taint",
129+
".json;JsonValue;true;asJsonObject;;;Argument[-1];ReturnValue;taint",
130+
".json;JsonValue;true;toString;;;Argument[-1];ReturnValue;taint",
131+
".json;JsonWriter;false;write;;;Argument[0];Argument[-1];taint",
132+
".json;JsonWriter;false;writeArray;;;Argument[0];Argument[-1];taint",
133+
".json;JsonWriter;false;writeObject;;;Argument[0];Argument[-1];taint",
134+
".json;JsonWriterFactory;false;createWriter;;;Argument[-1];Argument[0];taint",
135+
".json.stream;JsonParserFactory;false;createParser;;;Argument[0];ReturnValue;taint"
136+
]
137+
}
138+
}

0 commit comments

Comments
 (0)