Skip to content

Commit 97f0037

Browse files
michaelnebelmichaelnebel
committed
Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname.
1 parent 0a931aa commit 97f0037

File tree

3 files changed

+31
-26
lines changed

3 files changed

+31
-26
lines changed

java/ql/lib/ext/generated/java.net.model.yml

Lines changed: 21 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -32,25 +32,27 @@ extensions:
3232
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,InetAddress,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
3333
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,InetAddress,int)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
3434
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
35-
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,SocketAddress)", "", "Argument[2].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
35+
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,SocketAddress)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "taint", "dfc-generated"]
3636
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
3737
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,InetAddress,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
3838
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,InetAddress,int)", "", "Argument[3]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
3939
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
40-
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,SocketAddress)", "", "Argument[3].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
40+
- ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,int,SocketAddress)", "", "Argument[3]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "taint", "dfc-generated"]
4141
- ["java.net", "DatagramPacket", False, "getAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "ReturnValue", "value", "dfc-generated"]
4242
- ["java.net", "DatagramPacket", False, "getData", "()", "", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "ReturnValue", "value", "dfc-generated"]
43-
- ["java.net", "DatagramPacket", False, "getSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "ReturnValue.SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "value", "dfc-generated"]
43+
- ["java.net", "DatagramPacket", False, "getSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "ReturnValue", "taint", "dfc-generated"]
4444
- ["java.net", "DatagramPacket", False, "setAddress", "(InetAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
4545
- ["java.net", "DatagramPacket", False, "setData", "(byte[])", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
4646
- ["java.net", "DatagramPacket", False, "setData", "(byte[],int,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.buf]", "value", "dfc-generated"]
47-
- ["java.net", "DatagramPacket", False, "setSocketAddress", "(SocketAddress)", "", "Argument[0].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
47+
- ["java.net", "DatagramPacket", False, "setSocketAddress", "(SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramPacket.address]", "taint", "dfc-generated"]
4848
- ["java.net", "DatagramSocket", True, "connect", "(InetAddress,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "value", "dfc-generated"]
49-
- ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "value", "dfc-generated"]
49+
- ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "taint", "dfc-generated"]
5050
- ["java.net", "DatagramSocket", True, "getChannel", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
5151
- ["java.net", "DatagramSocket", True, "getInetAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "ReturnValue", "value", "dfc-generated"]
52+
- ["java.net", "DatagramSocket", True, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
5253
- ["java.net", "DatagramSocket", True, "getLocalSocketAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
53-
- ["java.net", "DatagramSocket", True, "getRemoteSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "ReturnValue.SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "value", "dfc-generated"]
54+
- ["java.net", "DatagramSocket", True, "getRemoteSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "ReturnValue", "taint", "dfc-generated"]
55+
- ["java.net", "DatagramSocket", True, "receive", "(DatagramPacket)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"]
5456
- ["java.net", "DatagramSocket", True, "send", "(DatagramPacket)", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.connectedAddress]", "Argument[0].SyntheticField[java.net.DatagramPacket.address]", "value", "dfc-generated"]
5557
- ["java.net", "DatagramSocket", True, "setOption", "(SocketOption,Object)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"]
5658
- ["java.net", "DatagramSocket", True, "supportedOptions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
@@ -94,10 +96,6 @@ extensions:
9496
- ["java.net", "InetAddress", True, "getByAddress", "(String,byte[])", "", "Argument[1]", "ReturnValue.SyntheticField[java.net.Inet6Address.holder6].SyntheticField[java.net.Inet6Address$Inet6AddressHolder.ipaddress]", "taint", "dfc-generated"]
9597
- ["java.net", "InetAddress", True, "getCanonicalHostName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
9698
- ["java.net", "InetAddress", True, "getHostName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
97-
- ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(InetAddress,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "value", "dfc-generated"]
98-
- ["java.net", "InetSocketAddress", True, "getAddress", "()", "", "Argument[this].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "ReturnValue", "value", "dfc-generated"]
99-
- ["java.net", "InetSocketAddress", True, "getHostName", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
100-
- ["java.net", "InetSocketAddress", True, "getHostString", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
10199
- ["java.net", "InterfaceAddress", True, "getAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
102100
- ["java.net", "InterfaceAddress", True, "getBroadcast", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
103101
- ["java.net", "JarURLConnection", True, "getAttributes", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
@@ -110,6 +108,7 @@ extensions:
110108
- ["java.net", "MalformedURLException", True, "MalformedURLException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
111109
- ["java.net", "MulticastSocket", True, "getInterface", "()", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.infAddress]", "ReturnValue", "value", "dfc-generated"]
112110
- ["java.net", "MulticastSocket", True, "getInterface", "()", "", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[sun.nio.ch.DatagramSocketAdaptor.outgoingInetAddress]", "ReturnValue", "value", "dfc-generated"]
111+
- ["java.net", "MulticastSocket", True, "send", "(DatagramPacket,byte)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
113112
- ["java.net", "MulticastSocket", True, "send", "(DatagramPacket,byte)", "", "Argument[this]", "Argument[0]", "taint", "df-generated"]
114113
- ["java.net", "MulticastSocket", True, "setInterface", "(InetAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[java.net.NetMulticastSocket.infAddress]", "value", "dfc-generated"]
115114
- ["java.net", "MulticastSocket", True, "setInterface", "(InetAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.DatagramSocket.delegate].SyntheticField[sun.nio.ch.DatagramSocketAdaptor.outgoingInetAddress]", "value", "dfc-generated"]
@@ -130,24 +129,29 @@ extensions:
130129
- ["java.net", "Proxy", True, "Proxy", "(Proxy$Type,SocketAddress)", "", "Argument[1]", "Argument[this].SyntheticField[java.net.Proxy.sa]", "value", "dfc-generated"]
131130
- ["java.net", "Proxy", True, "address", "()", "", "Argument[this].SyntheticField[java.net.Proxy.sa]", "ReturnValue", "value", "dfc-generated"]
132131
- ["java.net", "ProxySelector", True, "select", "(URI)", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
133-
- ["java.net", "ServerSocket", True, "ServerSocket", "(int,int,InetAddress)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "value", "dfc-generated"]
132+
- ["java.net", "ServerSocket", True, "ServerSocket", "(int,int,InetAddress)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
134133
- ["java.net", "ServerSocket", True, "accept", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
135-
- ["java.net", "ServerSocket", True, "bind", "(SocketAddress)", "", "Argument[0].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "value", "dfc-generated"]
136-
- ["java.net", "ServerSocket", True, "bind", "(SocketAddress,int)", "", "Argument[0].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "value", "dfc-generated"]
134+
- ["java.net", "ServerSocket", True, "bind", "(SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
135+
- ["java.net", "ServerSocket", True, "bind", "(SocketAddress,int)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
137136
- ["java.net", "ServerSocket", True, "getChannel", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
138137
- ["java.net", "ServerSocket", True, "getInetAddress", "()", "", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "ReturnValue", "value", "dfc-generated"]
139-
- ["java.net", "ServerSocket", True, "getLocalSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.ServerSocket.impl].SyntheticField[java.net.SocketImpl.address]", "ReturnValue.SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "value", "dfc-generated"]
138+
- ["java.net", "ServerSocket", True, "getLocalSocketAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
140139
- ["java.net", "ServerSocket", True, "setOption", "(SocketOption,Object)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"]
141140
- ["java.net", "ServerSocket", True, "supportedOptions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
141+
- ["java.net", "Socket", True, "Socket", "(InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
142+
- ["java.net", "Socket", True, "Socket", "(InetAddress,int,InetAddress,int)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
143+
- ["java.net", "Socket", True, "Socket", "(InetAddress,int,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
144+
- ["java.net", "Socket", True, "Socket", "(Proxy)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
142145
- ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
143-
- ["java.net", "Socket", True, "Socket", "(String,int,InetAddress,int)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
146+
- ["java.net", "Socket", True, "Socket", "(String,int,InetAddress,int)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
144147
- ["java.net", "Socket", True, "Socket", "(String,int,boolean)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
145-
- ["java.net", "Socket", True, "bind", "(SocketAddress)", "", "Argument[0].SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "value", "dfc-generated"]
148+
- ["java.net", "Socket", True, "bind", "(SocketAddress)", "", "Argument[0]", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "taint", "dfc-generated"]
146149
- ["java.net", "Socket", True, "getChannel", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
147150
- ["java.net", "Socket", True, "getInetAddress", "()", "", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "ReturnValue", "value", "dfc-generated"]
148151
- ["java.net", "Socket", True, "getInputStream", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
152+
- ["java.net", "Socket", True, "getLocalAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
149153
- ["java.net", "Socket", True, "getLocalSocketAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
150-
- ["java.net", "Socket", True, "getRemoteSocketAddress", "()", "", "Argument[this].SyntheticField[java.net.Socket.impl].SyntheticField[java.net.SocketImpl.address]", "ReturnValue.SyntheticField[java.net.InetSocketAddress.holder].SyntheticField[java.net.InetSocketAddress$InetSocketAddressHolder.addr]", "value", "dfc-generated"]
154+
- ["java.net", "Socket", True, "getRemoteSocketAddress", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
151155
- ["java.net", "Socket", True, "setOption", "(SocketOption,Object)", "", "Argument[this]", "ReturnValue", "value", "dfc-generated"]
152156
- ["java.net", "Socket", True, "supportedOptions", "()", "", "Argument[this]", "ReturnValue", "taint", "df-generated"]
153157
- ["java.net", "SocketException", True, "SocketException", "(String)", "", "Argument[0]", "Argument[this]", "taint", "df-generated"]
@@ -246,7 +250,6 @@ extensions:
246250
- ["java.net", "DatagramSocket", "bind", "(SocketAddress)", "summary", "df-generated"]
247251
- ["java.net", "DatagramSocket", "disconnect", "()", "summary", "df-generated"]
248252
- ["java.net", "DatagramSocket", "getBroadcast", "()", "summary", "df-generated"]
249-
- ["java.net", "DatagramSocket", "getLocalAddress", "()", "summary", "df-generated"]
250253
- ["java.net", "DatagramSocket", "getLocalPort", "()", "summary", "df-generated"]
251254
- ["java.net", "DatagramSocket", "getOption", "(SocketOption)", "summary", "df-generated"]
252255
- ["java.net", "DatagramSocket", "getPort", "()", "summary", "df-generated"]
@@ -260,7 +263,6 @@ extensions:
260263
- ["java.net", "DatagramSocket", "isConnected", "()", "summary", "df-generated"]
261264
- ["java.net", "DatagramSocket", "joinGroup", "(SocketAddress,NetworkInterface)", "summary", "df-generated"]
262265
- ["java.net", "DatagramSocket", "leaveGroup", "(SocketAddress,NetworkInterface)", "summary", "df-generated"]
263-
- ["java.net", "DatagramSocket", "receive", "(DatagramPacket)", "summary", "df-generated"]
264266
- ["java.net", "DatagramSocket", "setBroadcast", "(boolean)", "summary", "df-generated"]
265267
- ["java.net", "DatagramSocket", "setDatagramSocketImplFactory", "(DatagramSocketImplFactory)", "summary", "df-generated"]
266268
- ["java.net", "DatagramSocket", "setReceiveBufferSize", "(int)", "summary", "df-generated"]
@@ -334,7 +336,6 @@ extensions:
334336
- ["java.net", "InetAddress", "isReachable", "(int)", "summary", "df-generated"]
335337
- ["java.net", "InetAddress", "isSiteLocalAddress", "()", "summary", "df-generated"]
336338
- ["java.net", "InetSocketAddress", "InetSocketAddress", "(int)", "summary", "df-generated"]
337-
- ["java.net", "InetSocketAddress", "getPort", "()", "summary", "df-generated"]
338339
- ["java.net", "InetSocketAddress", "isUnresolved", "()", "summary", "df-generated"]
339340
- ["java.net", "InterfaceAddress", "getNetworkPrefixLength", "()", "summary", "df-generated"]
340341
- ["java.net", "JarURLConnection", "getMainAttributes", "()", "summary", "df-generated"]
@@ -397,12 +398,7 @@ extensions:
397398
- ["java.net", "ServerSocket", "setReuseAddress", "(boolean)", "summary", "df-generated"]
398399
- ["java.net", "ServerSocket", "setSoTimeout", "(int)", "summary", "df-generated"]
399400
- ["java.net", "ServerSocket", "setSocketFactory", "(SocketImplFactory)", "summary", "df-generated"]
400-
- ["java.net", "Socket", "Socket", "(InetAddress,int)", "summary", "df-generated"]
401-
- ["java.net", "Socket", "Socket", "(InetAddress,int,InetAddress,int)", "summary", "df-generated"]
402-
- ["java.net", "Socket", "Socket", "(InetAddress,int,boolean)", "summary", "df-generated"]
403-
- ["java.net", "Socket", "Socket", "(Proxy)", "summary", "df-generated"]
404401
- ["java.net", "Socket", "getKeepAlive", "()", "summary", "df-generated"]
405-
- ["java.net", "Socket", "getLocalAddress", "()", "summary", "df-generated"]
406402
- ["java.net", "Socket", "getLocalPort", "()", "summary", "df-generated"]
407403
- ["java.net", "Socket", "getOOBInline", "()", "summary", "df-generated"]
408404
- ["java.net", "Socket", "getOption", "(SocketOption)", "summary", "df-generated"]

0 commit comments

Comments
 (0)