Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 37ca6a5

Browse files
author
Benjamin Muskalla
committed
Model Appenable and Writer
This allows us to track taint carried through all kind of writers.
1 parent 68385df commit 37ca6a5

3 files changed

Lines changed: 17 additions & 3 deletions

File tree

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -91,6 +91,7 @@ private module Frameworks {
9191
private import semmle.code.java.frameworks.guava.Guava
9292
private import semmle.code.java.frameworks.jackson.JacksonSerializability
9393
private import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
94+
private import semmle.code.java.frameworks.JavaIo
9495
private import semmle.code.java.frameworks.JavaxJson
9596
private import semmle.code.java.frameworks.JaxWS
9697
private import semmle.code.java.frameworks.JoddJson

java/ql/lib/semmle/code/java/frameworks/JavaIo.qll

Lines changed: 16 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
/** Definitions of taint steps in Objects class of the JDK */
2+
3+
import java
4+
private import semmle.code.java.dataflow.ExternalFlow
5+
6+
private class ObjectsSummaryCsv extends SummaryModelCsv {
7+
override predicate row(string row) {
8+
row =
9+
[
10+
//`namespace; type; subtypes; name; signature; ext; input; output; kind`
11+
"java.lang;Appendable;false;append;;;Argument[0];Argument[-1];value",
12+
"java.lang;Appendable;false;append;;;Argument[-1];ReturnValue;value",
13+
"java.io;Writer;false;write;;;Argument[0];Argument[-1];value"
14+
]
15+
}
16+
}

java/ql/lib/semmle/code/java/frameworks/Strings.qll

Lines changed: 0 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -40,9 +40,6 @@ private class StringSummaryCsv extends SummaryModelCsv {
4040
"java.lang;String;false;valueOf;(char);;Argument[0];ReturnValue;taint",
4141
"java.lang;String;false;valueOf;(char[],int,int);;Argument[0];ReturnValue;taint",
4242
"java.lang;String;false;valueOf;(char[]);;Argument[0];ReturnValue;taint",
43-
"java.io;StringWriter;true;append;;;Argument[0];Argument[-1];taint",
44-
"java.io;StringWriter;true;append;;;Argument[-1];ReturnValue;value",
45-
"java.io;StringWriter;true;write;;;Argument[0];Argument[-1];taint",
4643
"java.lang;AbstractStringBuilder;true;AbstractStringBuilder;(String);;Argument[0];Argument[-1];taint",
4744
"java.lang;AbstractStringBuilder;true;append;;;Argument[0];Argument[-1];taint",
4845
"java.lang;AbstractStringBuilder;true;append;;;Argument[-1];ReturnValue;value",

0 commit comments

Comments
 (0)