Java: add neutral models discovered with path-inj and ssrf heuristics

Author: Jami Cogswell

java/ql/lib/ext/java.io.model.yml

@@ -100,6 +100,7 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
+      # summary neutrals
       - ["java.io", "Closeable", "close", "()", "summary", "manual"]
       - ["java.io", "DataOutput", "writeBoolean", "(boolean)", "summary", "manual"]
       - ["java.io", "File", "delete", "()", "summary", "manual"]
@@ -117,3 +118,7 @@ extensions:
       - ["java.io", "DataInput", "readLong", "()", "summary", "manual"]        # taint-numeric
       - ["java.io", "DataOutput", "writeInt", "(int)", "summary", "manual"]    # taint-numeric
       - ["java.io", "DataOutput", "writeLong", "(long)", "summary", "manual"]  # taint-numeric
+
+      # sink neutrals
+      - ["java.io", "File", "compareTo", "", "sink", "manual"]
+      - ["java.io", "File", "exists", "()", "sink", "manual"]

java/ql/lib/ext/java.nio.file.model.yml

@@ -81,4 +81,22 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
+      # summary neutrals
       - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"]
+
+      # sink neutrals
+      - ["java.nio.file", "Files" "exists", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "getLastModifiedTime", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "getOwner", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "getPosixFilePermissions", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isDirectory", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isExecutable", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isHidden", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isReadable", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isRegularFile", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isSameFile", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isSymbolicLink", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "isWritable", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "notExists", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "setLastModifiedTime", "", "sink", "manual"]
+      - ["java.nio.file", "Files" "size", "", "sink", "manual"]

java/ql/lib/ext/java.nio.file.spi.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["java.nio.file.spi", "FileSystemProvider" "isHidden", "", "manual"]
+      - ["java.nio.file.spi", "FileSystemProvider" "isSameFile", "", "manual"]

java/ql/lib/ext/java.text.model.yml

@@ -3,6 +3,10 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
+      - ["java.text", "Collator" "compare", "", "manual"]
+      - ["java.text", "Collator" "equals", "", "manual"]
+      - ["java.text", "RuleBasedCollator", "compare", "", "manual"]
+
       # The below APIs have numeric flow and are currently being stored as neutral models.
       # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
       - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"]                   # taint-numeric

java/ql/lib/ext/java.util.prefs.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["java.util.prefs", "AbstractPreferences", "nodeExists", "", "manual"]
+      - ["java.util.prefs", "Preferences", "nodeExists", "", "manual"]

java/ql/lib/ext/org.apache.hc.client5.http.protocol.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["org.apache.hc.client5.http.protocol", "RedirectLocations", "contains", "", "manual"]