github
diff --git a/‎java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml‎
Lines changed: 23 additions & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.client5.http.async.methods.model.yml‎
Lines changed: 23 additions & 0 deletions
diff --git a/‎java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml‎
Lines changed: 7 additions & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.core5.http.impl.bootstrap.model.yml‎
Lines changed: 7 additions & 0 deletions
diff --git a/‎java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml‎
Lines changed: 1 addition & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.core5.http.io.support.model.yml‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml‎
Lines changed: 4 additions & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.core5.http.message.model.yml‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎java/ql/lib/ext/org.apache.hc.core5.http.model.yml‎
Lines changed: 5 additions & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.core5.http.model.yml‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml‎
Lines changed: 5 additions & 0 deletions b/‎java/ql/lib/ext/org.apache.hc.core5.http.nio.support.model.yml‎
Lines changed: 5 additions & 0 deletions
@@ -3,50 +3,72 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]         # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]            # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "get", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]           # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "head", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]        # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "options", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]          # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]           # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "post", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]            # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "put", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]          # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "BasicHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "%-url", "manual"] # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "ConfigurableHttpRequest", True, "ConfigurableHttpRequest", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"] # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "%-url", "manual"] # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "SimpleHttpRequest", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,String)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequest", True, "create", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"] # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,String)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,String)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "create", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]        # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "delete", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]           # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "get", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]          # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "head", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]       # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "options", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]         # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "patch", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]          # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "post", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]           # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "put", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(HttpHost,String)", "", "Argument[0]", "%-url", "manual"]         # ! ModelType: sink, Notes:
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleHttpRequests", True, "trace", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "delete", "(String)", "", "Argument[0]", "%-url", "manual"]
@@ -63,6 +85,7 @@ extensions:
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "setHttpHost", "", "", "Argument[0]", "%-url", "manual"]                  # ! ModelType: sink, Notes: possibly subtyped by AbstractRequestBuilder
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.client5.http.async.methods", "SimpleRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "%-url", "manual"]
 
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-tests
+      extensible: sinkModel
+    data:
+      - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout)", "", "Argument[0]", "%-url", "manual"] # ! ModelType: sink, Notes: double-check this
+      - ["org.apache.hc.core5.http.impl.bootstrap", "HttpAsyncRequester", True, "connect", "(HttpHost,Timeout,Object,FutureCallback)", "", "Argument[0]", "%-url", "manual"] # ! ModelType: sink, Notes: double-check this
@@ -17,6 +17,7 @@ extensions:
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "setHttpHost", "", "", "Argument[0]", "%-url", "manual"]  # ! ModelType: sink, Notes: possibly subtyped by AbstractRequestBuilder
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.io.support", "ClassicRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "%-url", "manual"]
 
@@ -3,9 +3,13 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.message", "BasicClassicHttpRequest", True, "BasicClassicHttpRequest", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]                # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]                # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "BasicHttpRequest", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.message", "BasicHttpRequest", True, "setUri", "", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.message", "HttpRequestWrapper", True, "setUri", "", "", "Argument[0]", "%-url", "manual"]
 
@@ -4,6 +4,11 @@ extensions:
       extensible: sinkModel
     data:
       - ["org.apache.hc.core5.http", "HttpEntityContainer", True, "setEntity", "(HttpEntity)", "", "Argument[0]", "xss", "manual"]
+      - ["org.apache.hc.core5.http", "HttpHost", True, "HttpHost", "(String)", "", "Argument[0]", "%-url", "manual"]  # ! ModelType: sinkOrStep, Notes:
+      - ["org.apache.hc.core5.http", "HttpHost", True, "HttpHost", "(String,InetAddress,String,int)", "", "Argument[2]", "%-url", "manual"]  # ! ModelType: sinkOrStep, Notes:
+      - ["org.apache.hc.core5.http", "HttpHost", True, "HttpHost", "(String,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sinkOrStep, Notes:
+      - ["org.apache.hc.core5.http", "HttpHost", True, "HttpHost", "(String,String,int)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sinkOrStep, Notes:
+      - ["org.apache.hc.core5.http", "HttpHost", True, "HttpHost", "(String,int)", "", "Argument[0]", "%-url", "manual"]  # ! ModelType: sinkOrStep, Notes:
       - ["org.apache.hc.core5.http", "HttpHost", True, "create", "(URI)", "", "Argument[0]", "%-url", "manual"] # ! maybe step instead
       - ["org.apache.hc.core5.http", "HttpRequest", True, "setUri", "", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http", "HttpRequestFactory", True, "newHttpRequest", "(String,String)", "", "Argument[1]", "%-url", "manual"] # ! potentially combine with below so signature is ""; make sure still interesting since "Factory" method
 
@@ -17,11 +17,16 @@ extensions:
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "post", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "put", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "setHttpHost", "", "", "Argument[0]", "%-url", "manual"]  # ! ModelType: sink, Notes: possibly subtyped by AbstractRequestBuilder
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "setUri", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "setUri", "(URI)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(String)", "", "Argument[0]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "AsyncRequestBuilder", True, "trace", "(URI)", "", "Argument[0]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
+      - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(Method,URI,AsyncEntityProducer)", "", "Argument[1]", "%-url", "manual"]
+      - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
+      - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,HttpHost,String,AsyncEntityProducer)", "", "Argument[1]", "%-url", "manual"]  # ! ModelType: sink, Notes:
       - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI)", "", "Argument[1]", "%-url", "manual"]
       - ["org.apache.hc.core5.http.nio.support", "BasicRequestProducer", True, "BasicRequestProducer", "(String,URI,AsyncEntityProducer)", "", "Argument[1]", "%-url", "manual"]