Skip to content

Java: Use the models packs in the query pack and promote experimental models. #81

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 18 commits into from
Nov 25, 2024
Merged

Java: Use the models packs in the query pack and promote experimental models. #81

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
18 commits
Select commit Hold shift + click to select a range
0c1ac30
Java: Update dependencies.
michaelnebel Nov 22, 2024
13041c9
Java: Do not include models from the experimental folder (this was al…
michaelnebel Nov 22, 2024
f4c3437
Java: Include models packs in the community pack query suite.
michaelnebel Nov 22, 2024
2051c54
Java: Add some empty data extension files to avoid warnings.
michaelnebel Nov 22, 2024
c393bc9
Java: Promote experimental models for CWE-200.
michaelnebel Nov 22, 2024
7eae858
Java: Update expected test output for CWE-200.
michaelnebel Nov 22, 2024
56a9783
Java: Promote models for CWE-036.
michaelnebel Nov 22, 2024
dfcb38d
Java: Promote models for CWE-078.
michaelnebel Nov 22, 2024
6b1a690
Java: Updated expected test output for CWE-078.
michaelnebel Nov 22, 2024
d99fcb4
Java: Promote models for CWE-073.
michaelnebel Nov 22, 2024
97a3b47
Java: Update expected test output for CWE-073.
michaelnebel Nov 22, 2024
8b03e8c
Java: Promote models for CWE-400.
michaelnebel Nov 22, 2024
da6ceb1
Java: Update expected test output for CWE-400.
michaelnebel Nov 22, 2024
a802700
Java: Promote models for CWE-625.
michaelnebel Nov 22, 2024
aa4725d
Java: Update expected test output for CWE-625.
michaelnebel Nov 22, 2024
acfa9ff
Java: Promote models for CWE-020.
michaelnebel Nov 22, 2024
247af54
Java: Update expected test output for CWE-020.
michaelnebel Nov 22, 2024
6dd34ce
Java: Remove experimental model init model file.
michaelnebel Nov 22, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
5 changes: 5 additions & 0 deletions java/ext-library-sources/manual/empty.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data: []
1 change: 0 additions & 1 deletion java/ext-library-sources/qlpack.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -8,4 +8,3 @@ dataExtensions:
- 'manual/**/*.yml'
- 'generated/*.yml'
- 'generated/**/*.yml'
- 'experimental/*.yml'
6 changes: 0 additions & 6 deletions java/ext/experimental/android.webkit.model.yml
View file
Open in desktop

This file was deleted.

28 changes: 0 additions & 28 deletions java/ext/experimental/com.jfinal.core.model.yml
View file
Open in desktop

This file was deleted.

15 changes: 0 additions & 15 deletions java/ext/experimental/empty.model.yml
View file
Open in desktop

This file was deleted.

6 changes: 0 additions & 6 deletions java/ext/experimental/java.io.model.yml
View file
Open in desktop

This file was deleted.

10 changes: 0 additions & 10 deletions java/ext/experimental/javax.servlet.http.model.yml
View file
Open in desktop

This file was deleted.

5 changes: 5 additions & 0 deletions java/ext/generated/empty.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data: []
6 changes: 6 additions & 0 deletions java/ext/manual/android.webkit.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["android.webkit", "WebResourceRequest", False, "getUrl", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # android-web-resource-response
0 ...perimental/com.google.common.io.model.yml → ...ext/manual/com.google.common.io.model.yml
View file
Open in desktop
File renamed without changes.
4 changes: 2 additions & 2 deletions ...xt/experimental/com.jcraft.jsch.model.yml → java/ext/manual/com.jcraft.jsch.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: experimentalSinkModel
extensible: sinkModel
data:
- ["com.jcraft.jsch", "ChannelExec", True, "setCommand", "", "", "Argument[0]", "command-injection", "manual", "jsch-os-injection"]
- ["com.jcraft.jsch", "ChannelExec", True, "setCommand", "", "", "Argument[0]", "command-injection", "manual"] #jsch-os-injection
28 changes: 28 additions & 0 deletions java/ext/manual/com.jfinal.core.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,28 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["com.jfinal.core", "Controller", True, "get", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getBoolean", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getCookie", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getCookieObject", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getCookieObjects", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getCookieToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getCookieToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getDate", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getFile", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getFiles", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getHeader", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getKv", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getPara", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaMap", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaToBoolean", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaToDate", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaValues", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaValuesToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
- ["com.jfinal.core", "Controller", True, "getParaValuesToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
6 changes: 6 additions & 0 deletions java/ext/manual/java.io.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: summaryModel
data:
- ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] # android-web-resource-response
10 changes: 5 additions & 5 deletions java/ext/experimental/java.lang.model.yml → java/ext/manual/java.lang.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: experimentalSinkModel
extensible: sinkModel
data:
- ["java.lang", "Thread", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
- ["java.lang", "Thread", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual"] #thread-resource-abuse
- addsTo:
pack: codeql/java-all
extensible: experimentalSummaryModel
extensible: summaryModel
data:
- ["java.lang", "Math", False, "max", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
- ["java.lang", "Math", False, "min", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
- ["java.lang", "Math", False, "max", "", "", "Argument[0..1]", "ReturnValue", "value", "manual"] #thread-resource-abuse
- ["java.lang", "Math", False, "min", "", "", "Argument[0..1]", "ReturnValue", "value", "manual"] #thread-resource-abuse
4 changes: 2 additions & 2 deletions ...perimental/java.util.concurrent.model.yml → ...ext/manual/java.util.concurrent.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: experimentalSinkModel
extensible: sinkModel
data:
- ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
- ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual"] #thread-resource-abuse
10 changes: 10 additions & 0 deletions java/ext/manual/javax.servlet.http.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,10 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sourceModel
data:
- ["javax.servlet.http", "HttpServletRequest", False, "getPathInfo", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
- ["javax.servlet.http", "HttpServletRequest", False, "getPathTranslated", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
- ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
- ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
- ["javax.servlet.http", "HttpServletRequest", False, "getServletPath", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
10 changes: 5 additions & 5 deletions ...rg.apache.logging.log4j.message.model.yml → ...rg.apache.logging.log4j.message.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,9 +1,9 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: experimentalSummaryModel
extensible: summaryModel
data:
- ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[this]", "taint", "manual", "log4j-injection"]
- ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual", "log4j-injection"]
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[this]", "ReturnValue", "value", "manual", "log4j-injection"]
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[this]", "taint", "manual", "log4j-injection"]
- ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] #log4j-injection
- ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual"] #log4j-injection
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[this]", "ReturnValue", "value", "manual"] #log4j-injection
- ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] #log4j-injection
Loading
Loading