Commit 5dbb698

Jami CogswellJami Cogswell
authored andcommitted
Java: update open/jdbc-url sink kinds to request-forgery
1 parent cb10f49 commit 5dbb698

50 files changed

+395
-396
lines changed


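--- a/java/ql/lib/ext/com.zaxxer.hikari.model.yml
+++ b/java/ql/lib/ext/com.zaxxer.hikari.model.yml
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["com.zaxxer.hikari", "HikariConfig", False, "HikariConfig", "(Properties)", "", "Argument[0]", "jdbc-url", "manual"]
-- ["com.zaxxer.hikari", "HikariConfig", False, "setJdbcUrl", "(String)", "", "Argument[0]", "jdbc-url", "manual"]
+- ["com.zaxxer.hikari", "HikariConfig", False, "HikariConfig", "(Properties)", "", "Argument[0]", "request-forgery", "manual"]
+- ["com.zaxxer.hikari", "HikariConfig", False, "setJdbcUrl", "(String)", "", "Argument[0]", "request-forgery", "manual"]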
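Review bot: The `HikariConfig(Properties)` row (first data line of the hunk) marks the entire `Properties` bag as a request-forgery sink, whereas the `setJdbcUrl(String)` row beneath it is precise; if `Properties.setProperty` propagates taint into the container, as it presumably does, a tainted pool username or other non-URL setting would now be reported under the kind consumed by the request-forgery query rather than the old `jdbc-url` one. That coarseness predates this commit, but the reclassification changes which query surfaces it, so it is worth confirming the intent or narrowing the row to the URL-bearing setter only. Separately, the hand-written rows keep `False` in the subtypes column where the generated models touched in this commit use `false`; both parse as YAML booleans, but lowercase would keep the model files consistent.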

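--- a/java/ql/lib/ext/generated/kotlinstdlib.model.yml
+++ b/java/ql/lib/ext/generated/kotlinstdlib.model.yml
@@ -16,8 +16,8 @@ extensions:
 - ["kotlin.io", "FilesKt", false, "writeBytes", "(File,byte[])", "", "Argument[0]", "path-injection", "df-generated"]
 - ["kotlin.io", "FilesKt", false, "writeText", "(File,String,Charset)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["kotlin.io", "FilesKt", false, "writer", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"]
-- ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "open-url", "df-generated"]
-- ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"]
+- ["kotlin.io", "TextStreamsKt", false, "readBytes", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["kotlin.io", "TextStreamsKt", false, "readText", "(URL,Charset)", "", "Argument[0]", "request-forgery", "df-generated"]
 
 
 - addsTo: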

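--- a/java/ql/lib/ext/generated/org.apache.commons.io.model.yml
+++ b/java/ql/lib/ext/generated/org.apache.commons.io.model.yml
@@ -7,18 +7,18 @@ extensions:
 extensible: sinkModel
 data:
 - ["org.apache.commons.io.file", "PathFilter", true, "accept", "(Path,BasicFileAttributes)", "", "Argument[0]", "path-injection", "df-generated"]
-- ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io.file", "PathUtils", false, "copyFile", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"]
-- ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io.file", "PathUtils", false, "copyFileToDirectory", "(URL,Path,CopyOption[])", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.file", "PathUtils", false, "newOutputStream", "(Path,boolean)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.file", "PathUtils", false, "writeString", "(Path,CharSequence,Charset,OpenOption[])", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filter", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterList", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.filefilter", "FileFilterUtils", true, "filterSet", "(IOFileFilter,File[])", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.input", "Tailer$Tailable", true, "getRandomAccess", "(String)", "", "Argument[this]", "path-injection", "df-generated"]
-- ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io.input", "XmlStreamReader", true, "XmlStreamReader", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io.output", "DeferredFileOutputStream", true, "writeTo", "(OutputStream)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io.output", "FileWriterWithEncoding", true, "FileWriterWithEncoding", "(File,Charset,boolean)", "", "Argument[0]", "path-injection", "df-generated"]
@@ -60,9 +60,9 @@ extensions:
 - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "copyToDirectory", "(Iterable,File)", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "df-generated"]
-- ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"]
-- ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "copyURLToFile", "(URL,File,int,int)", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "moveDirectory", "(File,File)", "", "Argument[1]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "moveDirectoryToDirectory", "(File,File,boolean)", "", "Argument[1]", "path-injection", "df-generated"]
@@ -98,17 +98,17 @@ extensions:
 - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "FileUtils", true, "writeStringToFile", "(File,String,boolean)", "", "Argument[0]", "path-injection", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,File)", "", "Argument[1]", "path-injection", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,Charset)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,String)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "open-url", "df-generated"]
-- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "open-url", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "copy", "(URL,OutputStream)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URI)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toByteArray", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,Charset)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URI,String)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,Charset)", "", "Argument[0]", "request-forgery", "df-generated"]
+- ["org.apache.commons.io", "IOUtils", true, "toString", "(URL,String)", "", "Argument[0]", "request-forgery", "df-generated"]
 - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(File)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(Path)", "", "Argument[0]", "path-injection", "df-generated"]
 - ["org.apache.commons.io", "RandomAccessFileMode", false, "create", "(String)", "", "Argument[0]", "path-injection", "df-generated"]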

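--- a/java/ql/lib/ext/hudson.cli.model.yml
+++ b/java/ql/lib/ext/hudson.cli.model.yml
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[1]", "open-url", "manual"]
+- ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["hudson.cli", "FullDuplexHttpStream", True, "FullDuplexHttpStream", "(URL,String,String)", "", "Argument[1]", "request-forgery", "manual"]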

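--- a/java/ql/lib/ext/hudson.model.model.yml
+++ b/java/ql/lib/ext/hudson.model.model.yml
@@ -3,11 +3,11 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "open-url", "ai-manual"]
+- ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"]
 - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"]
 - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "path-injection", "ai-manual"]
-- ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(DownloadJob,URL)", "", "Argument[1]", "open-url", "ai-manual"]
+- ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(DownloadJob,URL)", "", "Argument[1]", "request-forgery", "ai-manual"]
 - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[1]", "path-injection", "ai-manual"]
 - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(DownloadJob,File,File)", "", "Argument[2]", "path-injection", "ai-manual"]
 - addsTo: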

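--- a/java/ql/lib/ext/hudson.model.yml
+++ b/java/ql/lib/ext/hudson.model.yml
@@ -12,7 +12,7 @@ extensions:
 - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
 - ["hudson", "FilePath", False, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"]
 - ["hudson", "FilePath", False, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"]
-- ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "open-url", "ai-manual"]
+- ["hudson", "FilePath", False, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"]
 - ["hudson", "FilePath", False, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
 - addsTo:
 pack: codeql/java-all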

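--- a/java/ql/lib/ext/io.netty.bootstrap.model.yml
+++ b/java/ql/lib/ext/io.netty.bootstrap.model.yml
@@ -3,6 +3,6 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(InetAddress,int)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(String,int)", "", "Argument[0]", "open-url", "ai-manual"]
+- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(InetAddress,int)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.bootstrap", "Bootstrap", True, "connect", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"]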

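--- a/java/ql/lib/ext/io.netty.channel.model.yml
+++ b/java/ql/lib/ext/io.netty.channel.model.yml
@@ -3,15 +3,15 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["io.netty.channel", "Channel$Unsafe", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "ChannelDuplexHandler", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "open-url", "ai-manual"]
-- ["io.netty.channel", "ChannelOutboundHandlerAdapter", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "open-url", "ai-manual"]
-- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "open-url", "ai-manual"]
-- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress)", "", "Argument[0]", "open-url", "ai-manual"]
+- ["io.netty.channel", "Channel$Unsafe", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "ChannelDuplexHandler", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "ChannelOutboundHandlerAdapter", True, "connect", "(ChannelHandlerContext,SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[1]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "ChannelOutboundInvoker", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress,ChannelPromise)", "", "Argument[0]", "request-forgery", "ai-manual"]
+- ["io.netty.channel", "DefaultChannelPipeline", False, "connect", "(SocketAddress,SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: sourceModel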

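--- a/java/ql/lib/ext/io.netty.handler.codec.http.model.yml
+++ b/java/ql/lib/ext/io.netty.handler.codec.http.model.yml
@@ -3,9 +3,9 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
-- ["io.netty.handler.codec.http", "DefaultFullHttpRequest", True, "DefaultFullHttpRequest", "(HttpVersion,HttpMethod,String,ByteBuf)", "", "Argument[2]", "open-url", "ai-manual"]
-- ["io.netty.handler.codec.http", "DefaultHttpRequest", True, "DefaultHttpRequest", "(HttpVersion,HttpMethod,String)", "", "Argument[2]", "open-url", "ai-manual"]
-- ["io.netty.handler.codec.http", "HttpRequest", True, "setUri", "", "", "Argument[0]", "open-url", "manual"]
+- ["io.netty.handler.codec.http", "DefaultFullHttpRequest", True, "DefaultFullHttpRequest", "(HttpVersion,HttpMethod,String,ByteBuf)", "", "Argument[2]", "request-forgery", "ai-manual"]
+- ["io.netty.handler.codec.http", "DefaultHttpRequest", True, "DefaultHttpRequest", "(HttpVersion,HttpMethod,String)", "", "Argument[2]", "request-forgery", "ai-manual"]
+- ["io.netty.handler.codec.http", "HttpRequest", True, "setUri", "", "", "Argument[0]", "request-forgery", "manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: summaryModel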

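--- a/java/ql/lib/ext/io.netty.util.internal.model.yml
+++ b/java/ql/lib/ext/io.netty.util.internal.model.yml
@@ -4,7 +4,7 @@ extensions:
 extensible: sinkModel
 data:
 - ["io.netty.util.internal", "PlatformDependent", False, "createTempFile", "(String,String,File)", "", "Argument[2]", "path-injection", "ai-manual"]
-- ["io.netty.util.internal", "SocketUtils", False, "connect", "(Socket,SocketAddress,int)", "", "Argument[1]", "open-url", "ai-manual"]
+- ["io.netty.util.internal", "SocketUtils", False, "connect", "(Socket,SocketAddress,int)", "", "Argument[1]", "request-forgery", "ai-manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: summaryModel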
