Update MaD Declarations after Triage

Stephan Brandauer · Stephan Brandauer · commit 0a5d19fc710c · 2023-04-05T15:15:02.000+02:00
diff --git a/java/ql/lib/change-notes/2023-03-28.md b/java/ql/lib/change-notes/2023-03-28.md
@@ -0,0 +1,13 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.google.common.io
+  * com.hippo.unifile
+  * java.lang
+  * java.nio.file
+  * kotlin.io
+  * org.apache.commons.httpclient.util
+  * org.apache.http.client
+  * org.eclipse.jetty.client
diff --git a/java/ql/lib/ext/com.google.common.io.model.yml b/java/ql/lib/ext/com.google.common.io.model.yml
@@ -3,6 +3,13 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["com.google.common.io", "Files", False, "asCharSink", "(File,Charset,FileWriteMode[])", "", "Argument[0]", "write-file", "ai-generated"] # this is a bit like a stream
+      - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[1]", "write-file", "ai-generated"]
       - ["com.google.common.io", "Resources", False, "asByteSource", "(URL)", "", "Argument[0]", "url-open-stream", "manual"]
       - ["com.google.common.io", "Resources", False, "asCharSource", "(URL,Charset)", "", "Argument[0]", "url-open-stream", "manual"]
       - ["com.google.common.io", "Resources", False, "copy", "(URL,OutputStream)", "", "Argument[0]", "url-open-stream", "manual"]
diff --git a/java/ql/lib/ext/com.hippo.unifile.model.yml b/java/ql/lib/ext/com.hippo.unifile.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.hippo.unifile", "UniFile", True, "createDirectory", "(String)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["com.hippo.unifile", "UniFile", True, "createFile", "(String)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["com.hippo.unifile", "UniFile", True, "renameTo", "(String)", "", "Argument[0]", "create-file", "ai-generated"]
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
@@ -4,8 +4,15 @@ extensions:
       extensible: sinkModel
     data:
       - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "read-file", "ai-generated"]
+# suggested label is not supported:      - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-generated"]
+# suggested label is not supported:      - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-generated"]
+# suggested label is not supported:      - ["java.lang", "Runtime", True, "exec", "(String,String[],File)", "", "Argument[0]", "command-injection", "ai-generated"]
+# suggested label is not supported:      - ["java.lang", "Runtime", True, "exec", "(String,String[])", "", "Argument[0]", "command-injection", "ai-generated"]
+# suggested label is not supported:      - ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-generated"]
       # These are modeled in plain CodeQL. TODO: migrate them.
       # - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-generated"]
       # - ["java.lang", "ProcessBuilder", True, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-generated"]
@@ -125,7 +132,6 @@ extensions:
       - ["java.lang", "Throwable", True, "getMessage", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
       - ["java.lang", "Throwable", True, "getLocalizedMessage", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "value", "manual"]
       - ["java.lang", "Throwable", True, "toString", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.message]", "ReturnValue", "taint", "manual"]
-
   - addsTo:
       pack: codeql/java-all
       extensible: neutralModel
diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml
@@ -11,14 +11,26 @@ extensions:
       - ["java.nio.file", "Files", False, "createLink", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "createSymbolicLink", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "createTempDirectory", "(Path,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createTempDirectory", "(String,FileAttribute[])", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "createTempDirectory", "(String)", "", "Argument[0]", "create-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String)", "", "Argument[0]", "create-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file
       - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file
+# suggested label is not supported:      - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "write-file", "manual"]
       - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "create-file", "manual"]
@@ -28,6 +40,8 @@ extensions:
       - ["java.nio.file", "Files", True, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file
       - ["java.nio.file", "Files", True, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", True, "newOutputStream", "(Path,OpenOption[])", "", "Argument[0]", "create-file", "ai-generated"]
+# suggested label is not supported:      - ["java.nio.file", "SecureDirectoryStream", True, "deleteDirectory", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"]
+# suggested label is not supported:      - ["java.nio.file", "SecureDirectoryStream", True, "deleteFile", "(Path)", "", "Argument[0]", "delete-file", "ai-generated"]
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
@@ -49,6 +63,7 @@ extensions:
       - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
       - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
       - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["java.nio.file", "Path", True, "relativize", "(Path)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
       - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
       - ["java.nio.file", "Path", True, "toAbsolutePath", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -62,7 +77,6 @@ extensions:
       # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]", "Argument[1].Method[preVisitDirectory(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"]
       # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]" "Argument[1].Method[visitFile(Path,BasicFileAttributes)].Parameter[0]", "taint", "ai-generated"]
       # - ["java.nio.file", "Files", True, "walkFileTree", "(Path,FileVisitor)", "", "Argument[0]", "Argument[1].Method[visitFileFailed(Path,IOException)].Parameter[0]", "taint", "ai-generated"]
-
   - addsTo:
       pack: codeql/java-all
       extensible: neutralModel
diff --git a/java/ql/lib/ext/kotlin.io.model.yml b/java/ql/lib/ext/kotlin.io.model.yml
@@ -0,0 +1,22 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+# suggested label is not supported:      - ["kotlin.io", "FilesKt", False, "deleteRecursively", "(File)", "", "Argument[0]", "delete-file", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "readText", "(File,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["kotlin.io", "FilesKt", False, "normalize", "(File)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "relativeTo", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "relativeToOrNull", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "relativeToOrNull", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "resolve", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "resolve", "(File,String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "toRelativeString", "(File,File)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["kotlin.io", "FilesKt", False, "toRelativeString", "(File,File)", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
diff --git a/java/ql/lib/ext/org.apache.commons.httpclient.util.model.yml b/java/ql/lib/ext/org.apache.commons.httpclient.util.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.commons.httpclient.util", "URIUtil", True, "encodePath", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
diff --git a/java/ql/lib/ext/org.apache.http.client.model.yml b/java/ql/lib/ext/org.apache.http.client.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,HttpContext)", "", "Argument[0]", "open-url", "ai-generated"]
+      - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest,ResponseHandler,HttpContext)", "", "Argument[0]", "open-url", "ai-generated"]
+      - ["org.apache.http.client", "HttpClient", True, "execute", "(HttpUriRequest)", "", "Argument[0]", "open-url", "ai-generated"]
diff --git a/java/ql/lib/ext/org.eclipse.jetty.client.model.yml b/java/ql/lib/ext/org.eclipse.jetty.client.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.eclipse.jetty.client", "HttpClient", True, "newRequest", "(String)", "", "Argument[0]", "open-url", "ai-generated"]
