Merge pull request github#15766 from owen-mc/java/add-neutral-models

Java: add neutral models

Author: owen-mc

java/ql/lib/ext/java.lang.model.yml

@@ -218,9 +218,11 @@ extensions:
       - ["java.lang", "System", "currentTimeMillis", "()", "summary", "manual"]
       - ["java.lang", "System", "exit", "(int)", "summary", "manual"]
       - ["java.lang", "System", "getenv", "(String)", "summary", "manual"]
+      - ["java.lang", "System", "getProperty", "", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
       - ["java.lang", "System", "identityHashCode", "(Object)", "summary", "manual"]
       - ["java.lang", "System", "lineSeparator", "()", "summary", "manual"]
       - ["java.lang", "System", "nanoTime", "()", "summary", "manual"]
+      - ["java.lang", "System", "setProperty", "", "summary", "manual"] # needs to be modeled by regular CodeQL matching the get and set keys to reduce FPs
       - ["java.lang", "Thread", "currentThread", "()", "summary", "manual"]
       - ["java.lang", "Thread", "getContextClassLoader", "()", "summary", "manual"]
       - ["java.lang", "Thread", "interrupt", "()", "summary", "manual"]

java/ql/lib/ext/java.security.model.yml

@@ -15,3 +15,10 @@ extensions:
       - ["java.security", "KeyStoreSpi", True, "engineSetKeyEntry", "(String,Key,char[],Certificate[])", "", "Argument[2]", "credentials-password", "hq-generated"]
       - ["java.security", "KeyStoreSpi", True, "engineStore", "(OutputStream,char[])", "", "Argument[1]", "credentials-password", "hq-generated"]
       - ["java.security", "KeyStoreSpi", True, "engineSetKeyEntry", "(String,byte[],Certificate[])", "", "Argument[1]", "credentials-key", "hq-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["java.security", "MessageDigest", "digest", "()", "summary", "df-manual"]
+      - ["java.security", "MessageDigest", "digest", "(byte[])", "summary", "df-manual"]
+      - ["java.security", "MessageDigest", "digest", "(byte[],int,int)", "summary", "df-manual"]

java/ql/lib/ext/java.text.model.yml

@@ -4,6 +4,9 @@ extensions:
       extensible: neutralModel
     data:
       # summary neutrals
+      - ["java.text", "Format", "format", "", "summary", "manual"]        # similar issue as `Object.toString`; depends on the object being passed as the argument
+      - ["java.text", "MessageFormat", "format", "", "summary", "manual"] # similar issue as `Object.toString`; depends on the object being passed as the argument
+
       # The below APIs have numeric flow and are currently being stored as neutral models.
       # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
       - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"]                   # taint-numeric

java/ql/lib/ext/java.util.model.yml

@@ -417,6 +417,7 @@ extensions:
       - ["java.util", "ArrayList", "ArrayList", "(int)", "summary", "manual"]
       - ["java.util", "ArrayList", "isEmpty", "()", "summary", "manual"]
       - ["java.util", "ArrayList", "size", "()", "summary", "manual"]
+      - ["java.util", "Arrays", "deepToString", "(Object[])", "summary", "df-manual"]
       - ["java.util", "Arrays", "toString", "(Object[])", "summary", "manual"]
       - ["java.util", "Calendar", "getInstance", "()", "summary", "manual"]
       - ["java.util", "Collection", "contains", "(Object)", "summary", "manual"]
@@ -456,6 +457,8 @@ extensions:
       - ["java.util", "Set", "contains", "(Object)", "summary", "manual"]
       - ["java.util", "Set", "isEmpty", "()", "summary", "manual"]
       - ["java.util", "Set", "size", "()", "summary", "manual"]
+      - ["java.util", "TreeMap", "TreeMap", "(Comparator)", "summary", "df-manual"]
+      - ["java.util", "TreeSet", "TreeSet", "(Comparator)", "summary", "df-manual"]
       - ["java.util", "UUID", "equals", "(Object)", "summary", "manual"]
       - ["java.util", "UUID", "fromString", "(String)", "summary", "manual"]
       - ["java.util", "UUID", "randomUUID", "()", "summary", "manual"]

java/ql/lib/ext/java.util.stream.model.yml

@@ -92,8 +92,11 @@ extensions:
       pack: codeql/java-all
       extensible: neutralModel
     data:
+      - ["java.util.stream", "Collectors", "joining", "", "summary", "manual"] # cannot be modeled completely without a model for `java.util.stream.Stream#collect(Collector)` as well
       - ["java.util.stream", "Collectors", "toList", "()", "summary", "manual"]
+      - ["java.util.stream", "Collectors", "toMap", "", "summary", "manual"] # specialized collectors flow
       - ["java.util.stream", "Collectors", "toSet", "()", "summary", "manual"]
+      - ["java.util.stream", "Stream", "collect", "(Collector)", "summary", "manual"] # handled separately on a case-by-case basis as it is too complex for MaD
       - ["java.util.stream", "Stream", "count", "()", "summary", "manual"]
 
       # The below APIs have numeric flow and are currently being stored as neutral models.

java/ql/test/ext/TopJdkApis/TopJdkApisTest.expected

@@ -1,14 +1,7 @@
 | java.lang.Runnable#run() | no manual model |
-| java.lang.System#getProperty(String) | no manual model |
-| java.lang.System#setProperty(String,String) | no manual model |
-| java.text.Format#format(Object) | no manual model |
-| java.text.MessageFormat#format(String,Object[]) | no manual model |
 | java.util.Comparator#comparing(Function) | no manual model |
 | java.util.function.BiConsumer#accept(Object,Object) | no manual model |
 | java.util.function.BiFunction#apply(Object,Object) | no manual model |
 | java.util.function.Consumer#accept(Object) | no manual model |
 | java.util.function.Function#apply(Object) | no manual model |
 | java.util.function.Supplier#get() | no manual model |
-| java.util.stream.Collectors#joining(CharSequence) | no manual model |
-| java.util.stream.Collectors#toMap(Function,Function) | no manual model |
-| java.util.stream.Stream#collect(Collector) | no manual model |