Credential-username models

egregius313 · egregius313 · commit 49218cdbfb74 · 2023-10-25T14:31:53.000-04:00
diff --git a/java/ql/lib/ext/com.sun.istack.internal.tools.model.yml b/java/ql/lib/ext/com.sun.istack.internal.tools.model.yml
@@ -4,3 +4,4 @@ extensions:
       extensible: sinkModel
     data:
       - ["com.sun.istack.internal.tools", "DefaultAuthenticator$AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"]
+      - ["com.sun.istack.internal.tools", "DefaultAuthenticator$AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.jndi.ldap.model.yml b/java/ql/lib/ext/com.sun.jndi.ldap.model.yml
@@ -0,0 +1,9 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.sun.jndi.ldap", "DigestClientId", False, "DigestClientId", "(int, String, int, String, Control[], OutputStream, String, String, Object, Hashtable)", "credential-username", "Argument[7]", "manual"]
+      - ["com.sun.jndi.ldap", "LdapClient", False, "getInstance", "(boolean, String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable)", "credential-username", "Argument[11]", "manual"]
+      - ["com.sun.jndi.ldap", "LdapPoolManager", False, "getLdapClient", "(String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable)", "credential-username", "Argument[10]", "manual"]
+      - ["com.sun.jndi.ldap", "SimpleClientId", False, "SimpleClientId", "(int, String, int, String, Control[], OutputStream, String, String, Object)", "credential-username", "Argument[7]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.net.httpserver.model.yml b/java/ql/lib/ext/com.sun.net.httpserver.model.yml
@@ -4,3 +4,5 @@ extensions:
       extensible: sinkModel
     data:
       - ["com.sun.net.httpserver", "BasicAuthenticator", False, "checkCredentials", "(String, String)", "credential-password", "Argument[1]", "manual"]
+      - ["com.sun.net.httpserver", "BasicAuthenticator", False, "checkCredentials", "(String, String)", "credential-username", "Argument[0]", "manual"]
+      - ["com.sun.net.httpserver", "HttpPrincipal", False, "HttpPrincipal", "(String, String)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.rowset.model.yml b/java/ql/lib/ext/com.sun.rowset.model.yml
@@ -5,3 +5,4 @@ extensions:
     data:
       - ["com.sun.rowset", "JdbcRowSetImpl", False, "JdbcRowSetImpl", "(String, String, String)", "credential-password", "Argument[2]", "manual"]
       - ["com.sun.rowset", "JdbcRowSetImpl", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"]
+      - ["com.sun.rowset", "JdbcRowSetImpl", False, "JdbcRowSetImpl", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.security.ntlm.model.yml b/java/ql/lib/ext/com.sun.security.ntlm.model.yml
@@ -6,3 +6,5 @@ extensions:
       - ["com.sun.security.ntlm", "Client", False, "Client", "(String, String, String, String, char[])", "credential-password", "Argument[4]", "manual"]
       - ["com.sun.security.ntlm", "NTLM", False, "getP1", "(char[])", "credential-password", "Argument[0]", "manual"]
       - ["com.sun.security.ntlm", "NTLM", False, "getP2", "(char[])", "credential-password", "Argument[0]", "manual"]
+      - ["com.sun.security.ntlm", "Client", False, "Client", "(String, String, String, String, char[])", "credential-username", "Argument[2]", "manual"]
+      - ["com.sun.security.ntlm", "Server", False, "getPassword", "(String, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.security.sasl.digest.model.yml b/java/ql/lib/ext/com.sun.security.sasl.digest.model.yml
@@ -5,3 +5,4 @@ extensions:
     data:
       - ["com.sun.security.sasl.digest", "DigestMD5Base", False, "generateResponseValue", "(String, String, String, String, String, char[], byte[], byte[], int, byte[])", "credential-password", "Argument[5]", "manual"]
       - ["com.sun.security.sasl.digest", "DigestMD5Server", False, "generateResponseAuth", "(String, char[], byte[], int, byte[])", "credential-password", "Argument[1]", "manual"]
+      - ["com.sun.security.sasl.digest", "DigestMD5Server", False, "generateResponseAuth", "(String, char[], byte[], int, byte[])", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/com.sun.tools.internal.ws.wscompile.model.yml b/java/ql/lib/ext/com.sun.tools.internal.ws.wscompile.model.yml
@@ -4,3 +4,4 @@ extensions:
       extensible: sinkModel
     data:
       - ["com.sun.tools.internal.ws.wscompile", "AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"]
+      - ["com.sun.tools.internal.ws.wscompile", "AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/java.net.model.yml b/java/ql/lib/ext/java.net.model.yml
@@ -26,6 +26,7 @@ extensions:
       - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "request-forgery", "manual"]
       - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "request-forgery", "manual"]
       - ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "request-forgery", "manual"]
+      - ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String, char[])", "credential-username", "Argument[0]", "manual"]
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
diff --git a/java/ql/lib/ext/java.sql.model.yml b/java/ql/lib/ext/java.sql.model.yml
@@ -17,6 +17,7 @@ extensions:
       - ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["java.sql", "DriverManager", False, "getConnection", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
diff --git a/java/ql/lib/ext/javax.print.attribute.standard.model.yml b/java/ql/lib/ext/javax.print.attribute.standard.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.print.attribute.standard", "JobOriginatingUserName", False, "JobOriginatingUserName", "(String, Locale)", "credential-username", "Argument[0]", "manual"]
+      - ["javax.print.attribute.standard", "RequestingUserName", False, "RequestingUserName", "(String, Locale)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/javax.sql.model.yml b/java/ql/lib/ext/javax.sql.model.yml
@@ -7,3 +7,6 @@ extensions:
       - ["javax.sql", "DataSource", False, "getConnection", "(String, String)", "credential-password", "Argument[1]", "manual"]
       - ["javax.sql", "RowSet", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"]
       - ["javax.sql", "XADataSource", False, "getXAConnection", "(String, String)", "credential-password", "Argument[1]", "manual"]
+      - ["javax.sql", "ConnectionPoolDataSource", False, "getPooledConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
+      - ["javax.sql", "DataSource", False, "getConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
+      - ["javax.sql", "XADataSource", False, "getXAConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.jvmstat.perfdata.monitor.protocol.local.model.yml b/java/ql/lib/ext/sun.jvmstat.perfdata.monitor.protocol.local.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["sun.jvmstat.perfdata.monitor.protocol.local", "LocalVmManager", False, "LocalVmManager", "(String)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.jvmstat.perfdata.monitor.protocol.local", "PerfDataFile", False, "getFile", "(String, int)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.jvmstat.perfdata.monitor.protocol.local", "PerfDataFile", False, "getTempDirectory", "(String)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.jvmstat.perfdata.monitor.protocol.rmi.model.yml b/java/ql/lib/ext/sun.jvmstat.perfdata.monitor.protocol.rmi.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["sun.jvmstat.perfdata.monitor.protocol.rmi", "RemoteVmManager", False, "RemoteVmManager", "(RemoteHost, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/sun.misc.model.yml b/java/ql/lib/ext/sun.misc.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["sun.misc", "Perf", False, "attach", "(String, int, String)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.misc", "Perf", False, "attach", "(String, int, int)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.misc", "Perf", False, "attachImpl", "(String, int, int)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.net.ftp.impl.model.yml b/java/ql/lib/ext/sun.net.ftp.impl.model.yml
@@ -6,3 +6,6 @@ extensions:
       - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"]
       - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"]
       - ["sun.net.ftp.impl", "FtpClient", False, "tryLogin", "(String, char[])", "credential-password", "Argument[1]", "manual"]
+      - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[])", "credential-username", "Argument[0]", "manual"]
+      - ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[], String)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.net.ftp.impl", "FtpClient", False, "tryLogin", "(String, char[])", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.net.ftp.model.yml b/java/ql/lib/ext/sun.net.ftp.model.yml
@@ -5,3 +5,6 @@ extensions:
     data:
       - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"]
       - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"]
+      - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[])", "credential-username", "Argument[0]", "manual"]
+      - ["sun.net.ftp", "FtpClient", False, "login", "(String, char[], String)", "credential-username", "Argument[0]", "manual"]
+      - ["sun.net.ftp", "FtpDirEntry", False, "setUser", "(String)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.net.www.protocol.http.model.yml b/java/ql/lib/ext/sun.net.www.protocol.http.model.yml
@@ -5,3 +5,4 @@ extensions:
     data:
       - ["sun.net.www.protocol.http", "DigestAuthentication", False, "computeDigest", "(boolean, String, char[], String, String, String, String, String, String)", "credential-password", "Argument[2]", "manual"]
       - ["sun.net.www.protocol.http", "DigestAuthentication", False, "encode", "(String, char[], MessageDigest)", "credential-password", "Argument[1]", "manual"]
+      - ["sun.net.www.protocol.http", "DigestAuthentication", False, "computeDigest", "(boolean, String, char[], String, String, String, String, String, String)", "credential-username", "Argument[1]", "manual"]
diff --git a/java/ql/lib/ext/sun.security.acl.model.yml b/java/ql/lib/ext/sun.security.acl.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["sun.security.acl", "PrincipalImpl", False, "PrincipalImpl", "(String)", "credential-username", "Argument[0]", "manual"]
diff --git a/java/ql/lib/ext/sun.tools.jconsole.model.yml b/java/ql/lib/ext/sun.tools.jconsole.model.yml
@@ -16,3 +16,18 @@ extensions:
       - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, String, String)", "credential-password", "Argument[2]", "manual"]
       - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"]
       - ["sun.tools.jconsole", "ProxyClient", False, "setParameters", "(JMXServiceURL, String, String)", "credential-password", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "ConnectDialog", False, "setConnectionParameters", "(String, String, int, String, String, String)", "credential-username", "Argument[3]", "manual"]
+      - ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String, boolean)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "JConsole", False, "addUrl", "(String, String, String, boolean)", "credential-username", "Argument[1]", "manual"]
+      - ["sun.tools.jconsole", "JConsole", False, "failed", "(Exception, String, String, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "JConsole", False, "showConnectDialog", "(String, String, int, String, String, String)", "credential-username", "Argument[3]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getConnectionName", "(String, String)", "credential-username", "Argument[1]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getConnectionName", "(String, int, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
+      - ["sun.tools.jconsole", "ProxyClient", False, "setParameters", "(JMXServiceURL, String, String)", "credential-username", "Argument[1]", "manual"]
