Update supported sink and source kinds

koesie10 · koesie10 · commit b3c83d175add · 2024-03-26T12:09:51.000+01:00
diff --git a/extensions/ql-vscode/src/model-editor/languages/csharp/index.ts b/extensions/ql-vscode/src/model-editor/languages/csharp/index.ts
@@ -10,6 +10,12 @@ export const csharp: ModelsAsDataLanguage = {
     },
     source: {
       ...staticLanguage.predicates.source,
+      supportedKinds: [
+        ...staticLanguage.predicates.source.supportedKinds,
+        // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L122-L123
+        "file-write",
+        "windows-registry",
+      ],
     },
   },
 };
diff --git a/extensions/ql-vscode/src/model-editor/languages/java/index.ts b/extensions/ql-vscode/src/model-editor/languages/java/index.ts
@@ -7,9 +7,36 @@ export const java: ModelsAsDataLanguage = {
     ...staticLanguage.predicates,
     sink: {
       ...staticLanguage.predicates.sink,
+      supportedKinds: [
+        ...staticLanguage.predicates.sink.supportedKinds,
+        // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L32-L37
+        "bean-validation",
+        "fragment-injection",
+        "groovy-injection",
+        "hostname-verification",
+        "information-leak",
+        "intent-redirection",
+        "jexl-injection",
+        "jndi-injection",
+        "mvel-injection",
+        "notification",
+        "ognl-injection",
+        "pending-intents",
+        "response-splitting",
+        "trust-boundary-violation",
+        "template-injection",
+        "xpath-injection",
+        "xslt-injection",
+      ],
     },
     source: {
       ...staticLanguage.predicates.source,
+      supportedKinds: [
+        ...staticLanguage.predicates.source.supportedKinds,
+        // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L120-L121
+        "android-external-storage-dir",
+        "contentprovider",
+      ],
     },
   },
 };
diff --git a/extensions/ql-vscode/src/model-editor/languages/shared.ts b/extensions/ql-vscode/src/model-editor/languages/shared.ts
@@ -6,10 +6,13 @@ export const sharedExtensiblePredicates = {
 };
 
 export const sharedKinds = {
-  source: ["local", "remote"],
+  // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L118-L119
+  source: ["local", "remote", "file", "commandargs", "database", "environment"],
+  // Bhttps://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L28-L31
   sink: [
     "code-injection",
     "command-injection",
+    "environment-injection",
     "file-content-store",
     "html-injection",
     "js-injection",
@@ -20,6 +23,8 @@ export const sharedKinds = {
     "sql-injection",
     "url-redirection",
   ],
+  // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L142-L143
   summary: ["taint", "value"],
+  // https://github.com/github/codeql/blob/0c5ea975a4c4dc5c439b908c006e440cb9bdf926/shared/mad/codeql/mad/ModelValidation.qll#L155-L156
   neutral: ["summary", "source", "sink"],
 };
