Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 2e46e93

Browse files
michaelnebelmichaelnebel
committed
Java: Update java models with provenance column information.
1 parent 4622b69 commit 2e46e93

125 files changed

Lines changed: 11049 additions & 11026 deletions

File tree

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 171 additions & 171 deletions
Large diffs are not rendered by default.

java/ql/lib/semmle/code/java/dataflow/internal/ContainerFlow.qll

Lines changed: 318 additions & 318 deletions
Large diffs are not rendered by default.

java/ql/lib/semmle/code/java/frameworks/ApacheHttp.qll

Lines changed: 167 additions & 167 deletions
Large diffs are not rendered by default.

java/ql/lib/semmle/code/java/frameworks/Flexjson.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -36,6 +36,6 @@ class FlexjsonDeserializerUseMethod extends Method {
3636

3737
private class FluentUseMethodModel extends SummaryModelCsv {
3838
override predicate row(string r) {
39-
r = "flexjson;JSONDeserializer;true;use;;;Argument[-1];ReturnValue;value"
39+
r = "flexjson;JSONDeserializer;true;use;;;Argument[-1];ReturnValue;value;manual"
4040
}
4141
}

java/ql/lib/semmle/code/java/frameworks/Hibernate.qll

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -27,13 +27,13 @@ private class SqlSinkCsv extends SinkModelCsv {
2727
row =
2828
[
2929
//"package;type;overrides;name;signature;ext;spec;kind"
30-
"org.hibernate;QueryProducer;true;createQuery;;;Argument[0];sql",
31-
"org.hibernate;QueryProducer;true;createNativeQuery;;;Argument[0];sql",
32-
"org.hibernate;QueryProducer;true;createSQLQuery;;;Argument[0];sql",
33-
"org.hibernate;SharedSessionContract;true;createQuery;;;Argument[0];sql",
34-
"org.hibernate;SharedSessionContract;true;createSQLQuery;;;Argument[0];sql",
35-
"org.hibernate;Session;true;createQuery;;;Argument[0];sql",
36-
"org.hibernate;Session;true;createSQLQuery;;;Argument[0];sql"
30+
"org.hibernate;QueryProducer;true;createQuery;;;Argument[0];sql;manual",
31+
"org.hibernate;QueryProducer;true;createNativeQuery;;;Argument[0];sql;manual",
32+
"org.hibernate;QueryProducer;true;createSQLQuery;;;Argument[0];sql;manual",
33+
"org.hibernate;SharedSessionContract;true;createQuery;;;Argument[0];sql;manual",
34+
"org.hibernate;SharedSessionContract;true;createSQLQuery;;;Argument[0];sql;manual",
35+
"org.hibernate;Session;true;createQuery;;;Argument[0];sql;manual",
36+
"org.hibernate;Session;true;createSQLQuery;;;Argument[0];sql;manual"
3737
]
3838
}
3939
}

java/ql/lib/semmle/code/java/frameworks/HikariCP.qll

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -10,8 +10,8 @@ private class SsrfSinkCsv extends SinkModelCsv {
1010
row =
1111
[
1212
//"package;type;overrides;name;signature;ext;spec;kind"
13-
"com.zaxxer.hikari;HikariConfig;false;HikariConfig;(Properties);;Argument[0];jdbc-url",
14-
"com.zaxxer.hikari;HikariConfig;false;setJdbcUrl;(String);;Argument[0];jdbc-url"
13+
"com.zaxxer.hikari;HikariConfig;false;HikariConfig;(Properties);;Argument[0];jdbc-url;manual",
14+
"com.zaxxer.hikari;HikariConfig;false;setJdbcUrl;(String);;Argument[0];jdbc-url;manual"
1515
]
1616
}
1717
}

java/ql/lib/semmle/code/java/frameworks/JMS.qll

Lines changed: 67 additions & 67 deletions
Original file line numberDiff line numberDiff line change
@@ -14,11 +14,11 @@ private class Jms1Source extends SourceModelCsv {
1414
row =
1515
[
1616
// incoming messages are considered tainted
17-
"javax.jms;MessageListener;true;onMessage;(Message);;Parameter[0];remote",
18-
"javax.jms;MessageConsumer;true;receive;;;ReturnValue;remote",
19-
"javax.jms;MessageConsumer;true;receiveNoWait;();;ReturnValue;remote",
20-
"javax.jms;QueueRequestor;true;request;(Message);;ReturnValue;remote",
21-
"javax.jms;TopicRequestor;true;request;(Message);;ReturnValue;remote",
17+
"javax.jms;MessageListener;true;onMessage;(Message);;Parameter[0];remote;manual",
18+
"javax.jms;MessageConsumer;true;receive;;;ReturnValue;remote;manual",
19+
"javax.jms;MessageConsumer;true;receiveNoWait;();;ReturnValue;remote;manual",
20+
"javax.jms;QueueRequestor;true;request;(Message);;ReturnValue;remote;manual",
21+
"javax.jms;TopicRequestor;true;request;(Message);;ReturnValue;remote;manual",
2222
]
2323
}
2424
}
@@ -29,64 +29,64 @@ private class Jms1FlowStep extends SummaryModelCsv {
2929
row =
3030
[
3131
// if a message is tainted, then it returns tainted data
32-
"javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint",
33-
"javax.jms;Message;true;getJMSCorrelationIDAsBytes;();;Argument[-1];ReturnValue;taint",
34-
"javax.jms;Message;true;getJMSCorrelationID;();;Argument[-1];ReturnValue;taint",
35-
"javax.jms;Message;true;getJMSReplyTo;();;Argument[-1];ReturnValue;taint",
36-
"javax.jms;Message;true;getJMSDestination;();;Argument[-1];ReturnValue;taint",
37-
"javax.jms;Message;true;getJMSType;();;Argument[-1];ReturnValue;taint",
38-
"javax.jms;Message;true;getBooleanProperty;();;Argument[-1];ReturnValue;taint",
39-
"javax.jms;Message;true;getByteProperty;();;Argument[-1];ReturnValue;taint",
40-
"javax.jms;Message;true;getShortProperty;();;Argument[-1];ReturnValue;taint",
41-
"javax.jms;Message;true;getIntProperty;();;Argument[-1];ReturnValue;taint",
42-
"javax.jms;Message;true;getLongProperty;();;Argument[-1];ReturnValue;taint",
43-
"javax.jms;Message;true;getFloatProperty;();;Argument[-1];ReturnValue;taint",
44-
"javax.jms;Message;true;getDoubleProperty;();;Argument[-1];ReturnValue;taint",
45-
"javax.jms;Message;true;getStringProperty;();;Argument[-1];ReturnValue;taint",
46-
"javax.jms;Message;true;getObjectProperty;();;Argument[-1];ReturnValue;taint",
47-
"javax.jms;Message;true;getPropertyNames;();;Argument[-1];ReturnValue;taint",
48-
"javax.jms;BytesMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint",
49-
"javax.jms;BytesMessage;true;readByte;();;Argument[-1];ReturnValue;taint",
50-
"javax.jms;BytesMessage;true;readUnsignedByte;();;Argument[-1];ReturnValue;taint",
51-
"javax.jms;BytesMessage;true;readShort;();;Argument[-1];ReturnValue;taint",
52-
"javax.jms;BytesMessage;true;readUnsignedShort;();;Argument[-1];ReturnValue;taint",
53-
"javax.jms;BytesMessage;true;readChar;();;Argument[-1];ReturnValue;taint",
54-
"javax.jms;BytesMessage;true;readInt;();;Argument[-1];ReturnValue;taint",
55-
"javax.jms;BytesMessage;true;readLong;();;Argument[-1];ReturnValue;taint",
56-
"javax.jms;BytesMessage;true;readFloat;();;Argument[-1];ReturnValue;taint",
57-
"javax.jms;BytesMessage;true;readDouble;();;Argument[-1];ReturnValue;taint",
58-
"javax.jms;BytesMessage;true;readUTF;();;Argument[-1];ReturnValue;taint",
59-
"javax.jms;BytesMessage;true;readBytes;;;Argument[-1];Argument[0];taint",
60-
"javax.jms;MapMessage;true;getBoolean;(String);;Argument[-1];ReturnValue;taint",
61-
"javax.jms;MapMessage;true;getByte;(String);;Argument[-1];ReturnValue;taint",
62-
"javax.jms;MapMessage;true;getShort;(String);;Argument[-1];ReturnValue;taint",
63-
"javax.jms;MapMessage;true;getChar;(String);;Argument[-1];ReturnValue;taint",
64-
"javax.jms;MapMessage;true;getInt;(String);;Argument[-1];ReturnValue;taint",
65-
"javax.jms;MapMessage;true;getLong;(String);;Argument[-1];ReturnValue;taint",
66-
"javax.jms;MapMessage;true;getFloat;(String);;Argument[-1];ReturnValue;taint",
67-
"javax.jms;MapMessage;true;getDouble;(String);;Argument[-1];ReturnValue;taint",
68-
"javax.jms;MapMessage;true;getString;(String);;Argument[-1];ReturnValue;taint",
69-
"javax.jms;MapMessage;true;getBytes;(String);;Argument[-1];ReturnValue;taint",
70-
"javax.jms;MapMessage;true;getObject;(String);;Argument[-1];ReturnValue;taint",
71-
"javax.jms;MapMessage;true;getMapNames;();;Argument[-1];ReturnValue;taint",
72-
"javax.jms;ObjectMessage;true;getObject;();;Argument[-1];ReturnValue;taint",
73-
"javax.jms;StreamMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint",
74-
"javax.jms;StreamMessage;true;readByte;();;Argument[-1];ReturnValue;taint",
75-
"javax.jms;StreamMessage;true;readShort;();;Argument[-1];ReturnValue;taint",
76-
"javax.jms;StreamMessage;true;readChar;();;Argument[-1];ReturnValue;taint",
77-
"javax.jms;StreamMessage;true;readInt;();;Argument[-1];ReturnValue;taint",
78-
"javax.jms;StreamMessage;true;readLong;();;Argument[-1];ReturnValue;taint",
79-
"javax.jms;StreamMessage;true;readFloat;();;Argument[-1];ReturnValue;taint",
80-
"javax.jms;StreamMessage;true;readDouble;();;Argument[-1];ReturnValue;taint",
81-
"javax.jms;StreamMessage;true;readString;();;Argument[-1];ReturnValue;taint",
82-
"javax.jms;StreamMessage;true;readBytes;(byte[]);;Argument[-1];Argument[0];taint",
83-
"javax.jms;StreamMessage;true;readObject;();;Argument[-1];ReturnValue;taint",
84-
"javax.jms;TextMessage;true;getText;();;Argument[-1];ReturnValue;taint",
32+
"javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual",
33+
"javax.jms;Message;true;getJMSCorrelationIDAsBytes;();;Argument[-1];ReturnValue;taint;manual",
34+
"javax.jms;Message;true;getJMSCorrelationID;();;Argument[-1];ReturnValue;taint;manual",
35+
"javax.jms;Message;true;getJMSReplyTo;();;Argument[-1];ReturnValue;taint;manual",
36+
"javax.jms;Message;true;getJMSDestination;();;Argument[-1];ReturnValue;taint;manual",
37+
"javax.jms;Message;true;getJMSType;();;Argument[-1];ReturnValue;taint;manual",
38+
"javax.jms;Message;true;getBooleanProperty;();;Argument[-1];ReturnValue;taint;manual",
39+
"javax.jms;Message;true;getByteProperty;();;Argument[-1];ReturnValue;taint;manual",
40+
"javax.jms;Message;true;getShortProperty;();;Argument[-1];ReturnValue;taint;manual",
41+
"javax.jms;Message;true;getIntProperty;();;Argument[-1];ReturnValue;taint;manual",
42+
"javax.jms;Message;true;getLongProperty;();;Argument[-1];ReturnValue;taint;manual",
43+
"javax.jms;Message;true;getFloatProperty;();;Argument[-1];ReturnValue;taint;manual",
44+
"javax.jms;Message;true;getDoubleProperty;();;Argument[-1];ReturnValue;taint;manual",
45+
"javax.jms;Message;true;getStringProperty;();;Argument[-1];ReturnValue;taint;manual",
46+
"javax.jms;Message;true;getObjectProperty;();;Argument[-1];ReturnValue;taint;manual",
47+
"javax.jms;Message;true;getPropertyNames;();;Argument[-1];ReturnValue;taint;manual",
48+
"javax.jms;BytesMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual",
49+
"javax.jms;BytesMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual",
50+
"javax.jms;BytesMessage;true;readUnsignedByte;();;Argument[-1];ReturnValue;taint;manual",
51+
"javax.jms;BytesMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual",
52+
"javax.jms;BytesMessage;true;readUnsignedShort;();;Argument[-1];ReturnValue;taint;manual",
53+
"javax.jms;BytesMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual",
54+
"javax.jms;BytesMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual",
55+
"javax.jms;BytesMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual",
56+
"javax.jms;BytesMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual",
57+
"javax.jms;BytesMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual",
58+
"javax.jms;BytesMessage;true;readUTF;();;Argument[-1];ReturnValue;taint;manual",
59+
"javax.jms;BytesMessage;true;readBytes;;;Argument[-1];Argument[0];taint;manual",
60+
"javax.jms;MapMessage;true;getBoolean;(String);;Argument[-1];ReturnValue;taint;manual",
61+
"javax.jms;MapMessage;true;getByte;(String);;Argument[-1];ReturnValue;taint;manual",
62+
"javax.jms;MapMessage;true;getShort;(String);;Argument[-1];ReturnValue;taint;manual",
63+
"javax.jms;MapMessage;true;getChar;(String);;Argument[-1];ReturnValue;taint;manual",
64+
"javax.jms;MapMessage;true;getInt;(String);;Argument[-1];ReturnValue;taint;manual",
65+
"javax.jms;MapMessage;true;getLong;(String);;Argument[-1];ReturnValue;taint;manual",
66+
"javax.jms;MapMessage;true;getFloat;(String);;Argument[-1];ReturnValue;taint;manual",
67+
"javax.jms;MapMessage;true;getDouble;(String);;Argument[-1];ReturnValue;taint;manual",
68+
"javax.jms;MapMessage;true;getString;(String);;Argument[-1];ReturnValue;taint;manual",
69+
"javax.jms;MapMessage;true;getBytes;(String);;Argument[-1];ReturnValue;taint;manual",
70+
"javax.jms;MapMessage;true;getObject;(String);;Argument[-1];ReturnValue;taint;manual",
71+
"javax.jms;MapMessage;true;getMapNames;();;Argument[-1];ReturnValue;taint;manual",
72+
"javax.jms;ObjectMessage;true;getObject;();;Argument[-1];ReturnValue;taint;manual",
73+
"javax.jms;StreamMessage;true;readBoolean;();;Argument[-1];ReturnValue;taint;manual",
74+
"javax.jms;StreamMessage;true;readByte;();;Argument[-1];ReturnValue;taint;manual",
75+
"javax.jms;StreamMessage;true;readShort;();;Argument[-1];ReturnValue;taint;manual",
76+
"javax.jms;StreamMessage;true;readChar;();;Argument[-1];ReturnValue;taint;manual",
77+
"javax.jms;StreamMessage;true;readInt;();;Argument[-1];ReturnValue;taint;manual",
78+
"javax.jms;StreamMessage;true;readLong;();;Argument[-1];ReturnValue;taint;manual",
79+
"javax.jms;StreamMessage;true;readFloat;();;Argument[-1];ReturnValue;taint;manual",
80+
"javax.jms;StreamMessage;true;readDouble;();;Argument[-1];ReturnValue;taint;manual",
81+
"javax.jms;StreamMessage;true;readString;();;Argument[-1];ReturnValue;taint;manual",
82+
"javax.jms;StreamMessage;true;readBytes;(byte[]);;Argument[-1];Argument[0];taint;manual",
83+
"javax.jms;StreamMessage;true;readObject;();;Argument[-1];ReturnValue;taint;manual",
84+
"javax.jms;TextMessage;true;getText;();;Argument[-1];ReturnValue;taint;manual",
8585
// if a destination is tainted, then it returns tainted data
86-
"javax.jms;Queue;true;getQueueName;();;Argument[-1];ReturnValue;taint",
87-
"javax.jms;Queue;true;toString;();;Argument[-1];ReturnValue;taint",
88-
"javax.jms;Topic;true;getTopicName;();;Argument[-1];ReturnValue;taint",
89-
"javax.jms;Topic;true;toString;();;Argument[-1];ReturnValue;taint",
86+
"javax.jms;Queue;true;getQueueName;();;Argument[-1];ReturnValue;taint;manual",
87+
"javax.jms;Queue;true;toString;();;Argument[-1];ReturnValue;taint;manual",
88+
"javax.jms;Topic;true;getTopicName;();;Argument[-1];ReturnValue;taint;manual",
89+
"javax.jms;Topic;true;toString;();;Argument[-1];ReturnValue;taint;manual",
9090
]
9191
}
9292
}
@@ -96,17 +96,17 @@ private class Jms2Source extends SourceModelCsv {
9696
override predicate row(string row) {
9797
row =
9898
[
99-
"javax.jms;JMSConsumer;true;receive;;;ReturnValue;remote",
100-
"javax.jms;JMSConsumer;true;receiveBody;;;ReturnValue;remote",
101-
"javax.jms;JMSConsumer;true;receiveNoWait;();;ReturnValue;remote",
102-
"javax.jms;JMSConsumer;true;receiveBodyNoWait;();;ReturnValue;remote",
99+
"javax.jms;JMSConsumer;true;receive;;;ReturnValue;remote;manual",
100+
"javax.jms;JMSConsumer;true;receiveBody;;;ReturnValue;remote;manual",
101+
"javax.jms;JMSConsumer;true;receiveNoWait;();;ReturnValue;remote;manual",
102+
"javax.jms;JMSConsumer;true;receiveBodyNoWait;();;ReturnValue;remote;manual",
103103
]
104104
}
105105
}
106106

107107
/** Defines additional taint propagation steps in JMS 2. */
108108
private class Jms2FlowStep extends SummaryModelCsv {
109109
override predicate row(string row) {
110-
row = "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint"
110+
row = "javax.jms;Message;true;getBody;();;Argument[-1];ReturnValue;taint;manual"
111111
}
112112
}

java/ql/lib/semmle/code/java/frameworks/JavaIo.qll

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -8,17 +8,17 @@ private class JavaIoSummaryCsv extends SummaryModelCsv {
88
row =
99
[
1010
//`namespace; type; subtypes; name; signature; ext; input; output; kind`
11-
"java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint",
12-
"java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;value",
13-
"java.io;Writer;true;write;;;Argument[0];Argument[-1];taint",
14-
"java.io;Writer;true;toString;;;Argument[-1];ReturnValue;taint",
15-
"java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint",
16-
"java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint",
17-
"java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint",
18-
"java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint",
19-
"java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint",
20-
"java.nio.channels;ReadableByteChannel;true;read;(ByteBuffer);;Argument[-1];Argument[0];taint",
21-
"java.nio.channels;Channels;false;newChannel;(InputStream);;Argument[0];ReturnValue;taint"
11+
"java.lang;Appendable;true;append;;;Argument[0];Argument[-1];taint;manual",
12+
"java.lang;Appendable;true;append;;;Argument[-1];ReturnValue;value;manual",
13+
"java.io;Writer;true;write;;;Argument[0];Argument[-1];taint;manual",
14+
"java.io;Writer;true;toString;;;Argument[-1];ReturnValue;taint;manual",
15+
"java.io;CharArrayWriter;true;toCharArray;;;Argument[-1];ReturnValue;taint;manual",
16+
"java.io;ObjectInput;true;read;;;Argument[-1];Argument[0];taint;manual",
17+
"java.io;DataInput;true;readFully;;;Argument[-1];Argument[0];taint;manual",
18+
"java.io;DataInput;true;readLine;();;Argument[-1];ReturnValue;taint;manual",
19+
"java.io;DataInput;true;readUTF;();;Argument[-1];ReturnValue;taint;manual",
20+
"java.nio.channels;ReadableByteChannel;true;read;(ByteBuffer);;Argument[-1];Argument[0];taint;manual",
21+
"java.nio.channels;Channels;false;newChannel;(InputStream);;Argument[0];ReturnValue;taint;manual"
2222
]
2323
}
2424
}

0 commit comments

Comments
 (0)