Refactor EnvInput to MaD

egregius313 · egregius313 · commit 655470f3dacd · 2023-10-03T22:28:47.000-04:00
diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml
@@ -128,3 +128,8 @@ extensions:
       # sink neutrals
       - ["java.io", "File", "compareTo", "", "sink", "hq-manual"]
       - ["java.io", "File", "exists", "()", "sink", "hq-manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[this]", "file", "manual"]
diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml
@@ -40,6 +40,13 @@ extensions:
       - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Supplier)", "", "Argument[1..2]", "log-injection", "manual"]
       - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Supplier,Throwable)", "", "Argument[1..2]", "log-injection", "manual"]
       - ["java.lang", "System$Logger", True, "log", "(System$Logger$Level,String,Throwable)", "", "Argument[1]", "log-injection", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["java.lang", "System", False, "getenv", "", "", "ReturnValue", "environment", "manual"]
+      - ["java.lang", "System", False, "getProperties", "", "", "ReturnValue", "environment", "manual"]
+      - ["java.lang", "System", False, "getProperty", "", "", "ReturnValue", "environment", "manual"]
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
diff --git a/java/ql/lib/ext/java.util.model.yml b/java/ql/lib/ext/java.util.model.yml
@@ -1,4 +1,11 @@
 extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["java.util", "Properties", True, "get", "", "", "ReturnValue", "environment", "manual"]
+      - ["java.util", "Properties", True, "getProperty", "", "", "ReturnValue", "environment", "manual"]
+
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -233,10 +233,7 @@ deprecated class EnvInput extends DataFlow::Node {
  * environment variables.
  */
 private class EnvironmentInput extends LocalUserInput {
-  EnvironmentInput() {
-    // Results from various specific methods.
-    this.asExpr().(MethodAccess).getMethod() instanceof EnvReadMethod
-  }
+  EnvironmentInput() { sourceNode(this, "environment") }
 
   override string getThreatModel() { result = "environment" }
 }
@@ -268,10 +265,7 @@ private class CliInput extends LocalUserInput {
 private class FileInput extends LocalUserInput {
   FileInput() {
     // Access to files.
-    this.asExpr()
-        .(ConstructorCall)
-        .getConstructedType()
-        .hasQualifiedName("java.io", "FileInputStream")
+    sourceNode(this, "file")
   }
 
   override string getThreatModel() { result = "file" }
