
Commit c213d56

Jami CogswellJami Cogswell
authored andcommitted
Java: resolve some more -1 to this conflicts
1 parent 9103e5c commit c213d56

18 files changed

Lines changed: 114 additions & 27 deletions

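--- a/java/ql/lib/ext/java.awt.model.yml
+++ b/java/ql/lib/ext/java.awt.model.yml
@@ -5,3 +5,11 @@ extensions:
 data:
 - ["java.awt", "Container", True, "add", "(Component)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"] # ! signature as "" instead?
 - ["java.awt", "Container", True, "add", "(Component,Object)", "", "Argument[0]", "Argument[-1].Element", "value", "manual"]
+
+- addsTo:
+pack: codeql/java-all
+extensible: neutralModel
+data:
+# The below APIs have numeric flow and are currently being stored as neutral models.
+# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
+- ["java.awt", "Insets", "Insets", "(int,int,int,int)", "manual"] # value-numeric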

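--- a/java/ql/lib/ext/java.io.model.yml
+++ b/java/ql/lib/ext/java.io.model.yml
@@ -59,11 +59,9 @@ extensions:
 - ["java.io", "CharArrayReader", False, "CharArrayReader", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["java.io", "CharArrayWriter", True, "toCharArray", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "DataInput", True, "readFully", "", "", "Argument[this]", "Argument[0]", "taint", "manual"]
-- ["java.io", "DataInput", True, "readInt", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
 - ["java.io", "DataInput", True, "readLine", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "DataInput", True, "readUTF", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["java.io", "DataInputStream", False, "DataInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
-- ["java.io", "DataOutput", True, "writeInt", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
 - ["java.io", "File", False, "File", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["java.io", "File", False, "File", "", "", "Argument[1]", "Argument[this]", "taint", "manual"]
 - ["java.io", "File", True, "getAbsoluteFile", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -99,7 +97,21 @@ extensions:
 pack: codeql/java-all
 extensible: neutralModel
 data:
+- ["java.io", "Closeable", "close", "()", "manual"]
 - ["java.io", "File", "delete", "()", "manual"]
 - ["java.io", "File", "exists", "()", "manual"]
+- ["java.io", "File", "getParentFile", "()", "manual"] # ! little unsure about this as a neutral
+- ["java.io", "File", "isFile", "()", "manual"]
+- ["java.io", "File", "length", "()", "manual"]
+- ["java.io", "File", "listFiles", "()", "manual"] # ! little unsure about this as a neutral
 - ["java.io", "File", "isDirectory", "()", "manual"]
 - ["java.io", "File", "mkdirs", "()", "manual"]
+- ["java.io", "InputStream", "close", "()", "manual"]
+- ["java.io", "OutputStream", "flush", "()", "manual"] # ! little unsure about this as a neutral, but not sure how to represent output if summary model...
+
+# The below APIs have numeric flow and are currently being stored as neutral models.
+# These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
+- ["java.io", "DataInput", "readInt", "()", "manual"] # taint-numeric
+- ["java.io", "DataInput", "readLong", "()", "manual"] # taint-numeric
+- ["java.io", "DataOutput", "writeInt", "(int)", "manual"] # taint-numeric
+- ["java.io", "DataOutput", "writeLong", "(long)", "manual"] # taint-numeric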
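Review bot: `File.getParentFile` and `File.listFiles` are added to the neutral list in the second hunk, while the summary list in the first hunk models `File.getAbsoluteFile` as `Argument[this]` to `ReturnValue` taint; with a neutral entry no flow is recorded through these two calls, so a path derived from a tainted `File` would drop out of path-traversal style queries at that point. Unless that is intended, model `getParentFile` like its sibling, `- ["java.io", "File", True, "getParentFile", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]`, and give `listFiles` the same row with the output `ReturnValue.ArrayElement`. The `# ! little unsure` markers on both rows should be resolved, or turned into a tracked TODO, before this is merged.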
Lines changed: 6 additions & 0 deletions
@@ -0,0 +1,6 @@
1+
extensions:
2+
- addsTo:
3+
pack: codeql/java-all
4+
extensible: neutralModel
5+
data:
6+
- ["java.lang.invoke", "MethodHandles", "lookup", "()", "manual"]

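--- a/java/ql/lib/ext/java.lang.model.yml
+++ b/java/ql/lib/ext/java.lang.model.yml
@@ -117,6 +117,7 @@ extensions:
 - ["java.lang", "System", False, "getenv", "(String)", "", "Argument[-1].MapValue", "ReturnValue", "value", "manual"] # ! neutral instead?
 - ["java.lang", "System", False, "getenv", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! really unsure about this...; neutral instead? -- or unmodelled
 - ["java.lang", "Thread", False, "Thread", "(Runnable)", "", "Argument[0]", "Argument[-1]", "taint", "manual"] # ! neutral instead?
+- ["java.lang", "Thread", True, "getName", "()", "", "Argument[-1].SyntheticField[java.lang.Thread.name]", "ReturnValue", "value", "manual"]
 - ["java.lang", "ThreadLocal", True, "get", "()", "", "Argument[-1].SyntheticField[java.lang.ThreadLocal.value]", "ReturnValue", "value", "manual"] # ! not sure if this model is correct, and if should be neutral model instead
 - ["java.lang", "Throwable", False, "Throwable", "(Throwable)", "", "Argument[0]", "Argument[this].SyntheticField[java.lang.Throwable.cause]", "value", "manual"]
 - ["java.lang", "Throwable", True, "getCause", "()", "", "Argument[this].SyntheticField[java.lang.Throwable.cause]", "ReturnValue", "value", "manual"]
@@ -128,11 +129,16 @@ extensions:
 extensible: neutralModel
 data:
 - ["java.lang", "AbstractStringBuilder", "length", "()", "manual"]
+- ["java.lang", "AbstractStringBuilder", "setCharAt", "(int,char)", "manual"] # ! char manipulation not interesting? (or interesting since could set many chars... prbly switch to summary model)
+- ["java.lang", "AbstractStringBuilder", "setLength", "(int)", "manual"] # ! summary?
 - ["java.lang", "Boolean", "equals", "(Object)", "manual"]
 - ["java.lang", "Boolean", "valueOf", "(boolean)", "manual"]
+- ["java.lang", "CharSequence", "length", "()", "manual"]
 - ["java.lang", "Class", "forName", "(String)", "manual"]
 - ["java.lang", "Class", "getCanonicalName", "()", "manual"]
 - ["java.lang", "Class", "getClassLoader", "()", "manual"]
+- ["java.lang", "Class", "getDeclaredConstructor", "(Class[])", "manual"]
+- ["java.lang", "Class", "getDeclaredField", "(String)", "manual"]
 - ["java.lang", "Class", "getMethod", "(String,Class[])", "manual"]
 - ["java.lang", "Class", "getName", "()", "manual"]
 - ["java.lang", "Class", "getResource", "(String)", "manual"]
@@ -141,6 +147,8 @@ extensions:
 - ["java.lang", "Class", "isAssignableFrom", "(Class)", "manual"]
 - ["java.lang", "Class", "isInstance", "(Object)", "manual"]
 - ["java.lang", "Class", "toString", "()", "manual"]
+- ["java.lang", "ClassLoader", "getResource", "(String)", "manual"]
+- ["java.lang", "ClassLoader", "getResourceAsStream", "(String)", "manual"]
 - ["java.lang", "Enum", "Enum", "(String,int)", "manual"]
 - ["java.lang", "Enum", "equals", "(Object)", "manual"]
 - ["java.lang", "Enum", "hashCode", "()", "manual"]
@@ -154,6 +162,7 @@ extensions:
 - ["java.lang", "Object", "hashCode", "()", "manual"]
 - ["java.lang", "Object", "toString", "()", "manual"]
 - ["java.lang", "Runnable", "run", "()", "manual"]
+- ["java.lang", "Runtime", "getRuntime", "()", "manual"]
 - ["java.lang", "String", "compareTo", "(String)", "manual"]
 - ["java.lang", "String", "contains", "(CharSequence)", "manual"]
 - ["java.lang", "String", "endsWith", "(String)", "manual"]
@@ -164,39 +173,49 @@ extensions:
 - ["java.lang", "String", "indexOf", "(String)", "manual"]
 - ["java.lang", "String", "isEmpty", "()", "manual"]
 - ["java.lang", "String", "lastIndexOf", "(int)", "manual"]
+- ["java.lang", "String", "lastIndexOf", "(String)", "manual"]
 - ["java.lang", "String", "length", "()", "manual"]
 - ["java.lang", "String", "startsWith", "(String)", "manual"]
+- ["java.lang", "String", "valueOf", "(boolean)", "manual"]
 - ["java.lang", "System", "currentTimeMillis", "()", "manual"]
 - ["java.lang", "System", "exit", "(int)", "manual"]
 - ["java.lang", "System", "identityHashCode", "(Object)", "manual"]
 - ["java.lang", "System", "lineSeparator", "()", "manual"] # ! double-check...
 - ["java.lang", "System", "nanoTime", "()", "manual"]
 - ["java.lang", "Thread", "currentThread", "()", "manual"]
+- ["java.lang", "Thread", "getContextClassLoader", "()", "manual"] # ! summary instead?
 - ["java.lang", "Thread", "interrupt", "()", "manual"]
 - ["java.lang", "Thread", "sleep", "(long)", "manual"]
 - ["java.lang", "Thread", "start", "()", "manual"]
 # The below APIs have numeric flow and are currently being stored as neutral models.
 # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
-- ["java.lang", "Boolean", "booleanValue", "()", "manual"] # taint-numeric
-- ["java.lang", "Boolean", "parseBoolean", "(String)", "manual"] # taint-numeric
-- ["java.lang", "Double", "parseDouble", "(String)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "Integer", "(int)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "intValue", "()", "manual"] # taint-numeric
-- ["java.lang", "Integer", "parseInt", "(String)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "toHexString", "(int)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "toString", "()", "manual"] # taint-numeric
-- ["java.lang", "Integer", "toString", "(int)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "valueOf", "(int)", "manual"] # taint-numeric
-- ["java.lang", "Integer", "valueOf", "(String)", "manual"] # taint-numeric # ! should probably make this and others like it have a "" signature instead...
-- ["java.lang", "Long", "Long", "(long)", "manual"] # taint-numeric
-- ["java.lang", "Long", "intValue", "()", "manual"] # taint-numeric
-- ["java.lang", "Long", "longValue", "()", "manual"] # taint-numeric
-- ["java.lang", "Long", "parseLong", "(String)", "manual"] # taint-numeric
-- ["java.lang", "Long", "toString", "()", "manual"] # taint-numeric
-- ["java.lang", "Long", "toString", "(long)", "manual"] # taint-numeric
-- ["java.lang", "Long", "valueOf", "(long)", "manual"] # taint-numeric
-- ["java.lang", "Long", "valueOf", "(String)", "manual"] # taint-numeric
-- ["java.lang", "Math", "max", "(int,int)", "manual"] # value-numeric
-- ["java.lang", "Math", "min", "(int,int)", "manual"] # value-numeric
-- ["java.lang", "String", "valueOf", "(int)", "manual"] # taint-numeric
-- ["java.lang", "String", "valueOf", "(long)", "manual"] # taint-numeric
+- ["java.lang", "Boolean", "booleanValue", "()", "manual"] # taint-numeric
+- ["java.lang", "Boolean", "parseBoolean", "(String)", "manual"] # taint-numeric
+- ["java.lang", "Double", "doubleToLongBits", "(double)", "manual"] # taint-numeric
+- ["java.lang", "Double", "parseDouble", "(String)", "manual"] # taint-numeric
+- ["java.lang", "Double", "valueOf", "(double)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "Integer", "(int)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "intValue", "()", "manual"] # taint-numeric
+- ["java.lang", "Integer", "parseInt", "(String)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "toHexString", "(int)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "toString", "()", "manual"] # taint-numeric
+- ["java.lang", "Integer", "toString", "(int)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "valueOf", "(int)", "manual"] # taint-numeric
+- ["java.lang", "Integer", "valueOf", "(String)", "manual"] # taint-numeric # ! should probably make this and others like it have a "" signature instead...
+- ["java.lang", "Long", "Long", "(long)", "manual"] # taint-numeric
+- ["java.lang", "Long", "intValue", "()", "manual"] # taint-numeric
+- ["java.lang", "Long", "longValue", "()", "manual"] # taint-numeric
+- ["java.lang", "Long", "parseLong", "(String)", "manual"] # taint-numeric
+- ["java.lang", "Long", "toString", "()", "manual"] # taint-numeric
+- ["java.lang", "Long", "toString", "(long)", "manual"] # taint-numeric
+- ["java.lang", "Long", "valueOf", "(long)", "manual"] # taint-numeric
+- ["java.lang", "Long", "valueOf", "(String)", "manual"] # taint-numeric
+- ["java.lang", "Math", "max", "(int,int)", "manual"] # value-numeric
+- ["java.lang", "Math", "max", "(long,long)", "manual"] # value-numeric
+- ["java.lang", "Math", "min", "(int,int)", "manual"] # value-numeric
+- ["java.lang", "Math", "min", "(long,long)", "manual"] # value-numeric
+- ["java.lang", "Number", "doubleValue", "()", "manual"] # taint-numeric # ! remove others that could rely on subtyping through Number instead? (e.g. Double, Integer, etc.)
+- ["java.lang", "Number", "intValue", "()", "manual"] # taint-numeric
+- ["java.lang", "Number", "longValue", "()", "manual"] # taint-numeric
+- ["java.lang", "String", "valueOf", "(int)", "manual"] # taint-numeric
+- ["java.lang", "String", "valueOf", "(long)", "manual"] # taint-numeric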
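Review bot: The new `Thread.getName` summary in the first hunk reads `Argument[-1].SyntheticField[java.lang.Thread.name]`, but no row visible in this section stores into that synthetic field, so the model would yield no flow unless a constructor or `setName` row writes it somewhere outside the hunk. The row also spells the qualifier `Argument[-1]` where the neighbouring `Throwable` rows use `Argument[this]`; the same spelling is in the added `Path.getFileName` row in java.nio.file.model.yml and the added `ResultSet.getTimestamp` row in java.sql.model.yml, next to siblings that use `Argument[this]`. Given the commit title, I would write `Argument[this].SyntheticField[java.lang.Thread.name]` here and `Argument[this]` in the other two rows, and add the matching store model if it does not exist yet.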

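--- a/java/ql/lib/ext/java.lang.reflect.model.yml
+++ b/java/ql/lib/ext/java.lang.reflect.model.yml
@@ -4,6 +4,7 @@ extensions:
 extensible: summaryModel
 data:
 - ["java.lang.reflect", "Constructor", False, "newInstance", "(Object[])", "", "Argument[0].ArrayElement", "ReturnValue.Parameter", "value", "manual"] # ! unsure about input/output
+- ["java.lang.reflect", "Field", False, "get", "(Object)", "", "Argument[0].Field", "ReturnValue", "value", "manual"] # ! very unsure about
 - ["java.lang.reflect", "Method", False, "invoke", "(Object,Object[])", "", "Argument[1].ArrayElement", "Argument[-1].Parameter[0]", "value", "manual"] # ! very unsure if this model is correct...
 
 - addsTo: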
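Review bot: The added `Field.get` row uses the input `Argument[0].Field` with no field name, unlike the `SyntheticField[...]` components used elsewhere in this commit, so it may not parse as a valid access path, or may parse and match nothing. Reflection cannot name the field statically, so a coarser model is probably the safer choice: `- ["java.lang.reflect", "Field", False, "get", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]`. Whichever form is kept, the `# ! very unsure about` marker should be resolved and the row covered by a flow test before it ships, since a silently dead model here hides reflective reads from every taint query.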

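--- a/java/ql/lib/ext/java.math.model.yml
+++ b/java/ql/lib/ext/java.math.model.yml
@@ -11,9 +11,14 @@ extensions:
 - ["java.math", "BigDecimal", "BigDecimal", "(String)", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "add", "(BigDecimal)", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "doubleValue", "()", "manual"] # taint-numeric
+- ["java.math", "BigDecimal", "intValue", "()", "manual"] # taint-numeric
+- ["java.math", "BigDecimal", "multiply", "(BigDecimal)", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "setScale", "(int,RoundingMode)", "manual"] # taint-numeric
+- ["java.math", "BigDecimal", "subtract", "(BigDecimal)", "manual"] # taint-numeric
+- ["java.math", "BigDecimal", "toBigInteger", "()", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "toString", "()", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "valueOf", "(double)", "manual"] # taint-numeric
 - ["java.math", "BigDecimal", "valueOf", "(long)", "manual"] # taint-numeric
+- ["java.math", "BigInteger", "BigInteger", "(String)", "manual"] # taint-numeric
 - ["java.math", "BigInteger", "or", "(BigInteger)", "manual"] # taint-numeric
 - ["java.math", "BigInteger", "valueOf", "(long)", "manual"] # taint-numeric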

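--- a/java/ql/lib/ext/java.nio.file.model.yml
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@@ -44,7 +44,9 @@ extensions:
 - ["java.nio.file", "FileSystem", True, "getPathMatcher", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
 - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
 - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+# ! should Path have subtyping of False for all methods instead? Why is `toFile` different?
 - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["java.nio.file", "Path", False, "getFileName", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! maybe need more field flow?
 - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
 - ["java.nio.file", "Path", True, "of", "(String,String[])", "", "Argument[1]", "ReturnValue", "taint", "ai-generated"]
 - ["java.nio.file", "Path", True, "of", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]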
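Review bot: The added `Path.getFileName` row sets the subtypes column to `False`, while every other `Path` row visible in this hunk uses `True`; since `Path` is an interface, the row would presumably not apply to calls resolved against an implementing class, and taint on a file name would be lost there. I would match `getParent` and `normalize`: `- ["java.nio.file", "Path", True, "getFileName", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]`. The open question in the comment added two lines above (whether all `Path` rows should be `False`) should be decided for the whole type rather than left as a `# !` note beside one inconsistent row.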

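--- a/java/ql/lib/ext/java.nio.model.yml
+++ b/java/ql/lib/ext/java.nio.model.yml
@@ -11,5 +11,6 @@ extensions:
 pack: codeql/java-all
 extensible: neutralModel
 data:
+- ["java.nio", "Buffer", "position", "()", "manual"] # ! maybe should be summary?
 - ["java.nio", "Buffer", "remaining", "()", "manual"]
 - ["java.nio", "ByteBuffer", "allocate", "(int)", "manual"]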

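--- a/java/ql/lib/ext/java.sql.model.yml
+++ b/java/ql/lib/ext/java.sql.model.yml
@@ -24,16 +24,20 @@ extensions:
 - ["java.sql", "PreparedStatement", True, "executeQuery", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"] # ! this should maybe be a neutral model, not sure if this really counts as "flow through"...
 - ["java.sql", "PreparedStatement", True, "setString", "(int,String)", "", "Argument[1]", "Argument[this]", "value", "manual"]
 - ["java.sql", "ResultSet", True, "getString", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+- ["java.sql", "ResultSet", True, "getTimestamp", "(String)", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+
 - addsTo:
 pack: codeql/java-all
 extensible: neutralModel
 data:
+- ["java.sql", "Connection", "createStatement", "()", "manual"]
 - ["java.sql", "PreparedStatement", "executeUpdate", "()", "manual"]
 - ["java.sql", "ResultSet", "next", "()", "manual"]
 # The below APIs have numeric flow and are currently being stored as neutral models.
 # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
 - ["java.sql", "PreparedStatement", "setInt", "(int,int)", "manual"] # value-numeric
 - ["java.sql", "PreparedStatement", "setLong", "(int,long)", "manual"] # value-numeric
+- ["java.sql", "ResultSet", "getInt", "(int)", "manual"] # taint-numeric
 - ["java.sql", "ResultSet", "getInt", "(String)", "manual"] # taint-numeric
 - ["java.sql", "ResultSet", "getLong", "(String)", "manual"] # taint-numeric
 - ["java.sql", "ResultSet", "getString", "(int)", "manual"] # taint-numeric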

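--- a/java/ql/lib/ext/java.text.model.yml
+++ b/java/ql/lib/ext/java.text.model.yml
@@ -4,6 +4,7 @@ extensions:
 extensible: summaryModel
 data:
 - ["java.text", "DateFormat", True, "parse", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! maybe not interesting flow and should be neutral model?
+- ["java.text", "Format", True, "format", "(Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! would cover DateFormat.format below through subtyping...
 - ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[0]", "ReturnValue", "taint", "manual"] # ! not sure I did this right
 - ["java.text", "MessageFormat", False, "format", "(String,Object[])", "", "Argument[1].ArrayElement", "ReturnValue", "taint", "manual"] # ! not sure I did this right
 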