From a36c12ff1f73a1a3e14176c4ce1444c801b6c834 Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Fri, 28 Jul 2023 16:54:56 -0400
Subject: [PATCH] Add trust-boundary-violation sink kind
---
 java/ql/lib/ext/javax.servlet.http.model.yml | 4 ++--
 java/ql/lib/ext/org.apache.struts2.dispatcher.model.yml | 2 +-
 java/ql/lib/ext/org.apache.struts2.interceptor.model.yml | 4 ++--
 java/ql/lib/ext/play.mvc.model.yml | 2 +-
 .../semmle/code/java/security/TrustBoundaryViolationQuery.qll | 2 +-
 shared/mad/codeql/mad/ModelValidation.qll | 2 +-
 6 files changed, 8 insertions(+), 8 deletions(-)
diff --git a/java/ql/lib/ext/javax.servlet.http.model.yml b/java/ql/lib/ext/javax.servlet.http.model.yml
index 1735491f4eb..c2d76a2ea7a 100644
--- a/java/ql/lib/ext/javax.servlet.http.model.yml
+++ b/java/ql/lib/ext/javax.servlet.http.model.yml
@@ -26,8 +26,8 @@ extensions:
 - ["javax.servlet.http", "HttpServletResponse", False, "addHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
 - ["javax.servlet.http", "HttpServletResponse", False, "sendError", "(int,String)", "", "Argument[1]", "information-leak", "manual"]
 - ["javax.servlet.http", "HttpServletResponse", False, "setHeader", "", "", "Argument[0..1]", "response-splitting", "manual"]
- - ["javax.servlet.http", "HttpSession", True, "putValue", "", "", "Argument[0..1]", "trust-boundary", "manual"]
- - ["javax.servlet.http", "HttpSession", True, "setAttribute", "", "", "Argument[0..1]", "trust-boundary", "manual"]
+ - ["javax.servlet.http", "HttpSession", True, "putValue", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
+ - ["javax.servlet.http", "HttpSession", True, "setAttribute", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: summaryModel
diff --git a/java/ql/lib/ext/org.apache.struts2.dispatcher.model.yml b/java/ql/lib/ext/org.apache.struts2.dispatcher.model.yml
index f1c7e90f0e8..c15ad1cb315 100644
--- a/java/ql/lib/ext/org.apache.struts2.dispatcher.model.yml
+++ b/java/ql/lib/ext/org.apache.struts2.dispatcher.model.yml
@@ -3,4 +3,4 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
- - ["org.apache.struts2.dispatcher", "SessionMap", False, "put", "", "", "Argument[0..1]", "trust-boundary", "manual"]
+ - ["org.apache.struts2.dispatcher", "SessionMap", False, "put", "", "", "Argument[0..1]", "trust-boundary-violation", "manual"]
diff --git a/java/ql/lib/ext/org.apache.struts2.interceptor.model.yml b/java/ql/lib/ext/org.apache.struts2.interceptor.model.yml
index da6a83c2af4..4b9ccb2e093 100644
--- a/java/ql/lib/ext/org.apache.struts2.interceptor.model.yml
+++ b/java/ql/lib/ext/org.apache.struts2.interceptor.model.yml
@@ -3,5 +3,5 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
- - ["org.apache.struts2.interceptor", "SessionAware", False, "setSession", "", "", "Argument[0]", "trust-boundary", "manual"]
- - ["org.apache.struts2.interceptor", "SessionAware", False, "withSession", "", "", "Argument[0]", "trust-boundary", "manual"]
\ No newline at end of file
+ - ["org.apache.struts2.interceptor", "SessionAware", False, "setSession", "", "", "Argument[0]", "trust-boundary-violation", "manual"]
+ - ["org.apache.struts2.interceptor", "SessionAware", False, "withSession", "", "", "Argument[0]", "trust-boundary-violation", "manual"]
\ No newline at end of file
diff --git a/java/ql/lib/ext/play.mvc.model.yml b/java/ql/lib/ext/play.mvc.model.yml
index 85d1c3c3e8d..3a11ddd649d 100644
--- a/java/ql/lib/ext/play.mvc.model.yml
+++ b/java/ql/lib/ext/play.mvc.model.yml
@@ -20,7 +20,7 @@ extensions:
 pack: codeql/java-all
 extensible: sinkModel
 data:
- - ["play.mvc", "Result", False, "addingToSession", "", "", "Argument[1..2]", "trust-boundary", "manual"]
+ - ["play.mvc", "Result", False, "addingToSession", "", "", "Argument[1..2]", "trust-boundary-violation", "manual"]
 - addsTo:
 pack: codeql/java-all
 extensible: summaryModel
diff --git a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
index a8265069d30..52790f5e186 100644
--- a/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll
@@ -18,7 +18,7 @@ private class RemoteSource extends TrustBoundaryViolationSource instanceof Remot
 * A sink for data that crosses a trust boundary.
 */
 class TrustBoundaryViolationSink extends DataFlow::Node {
- TrustBoundaryViolationSink() { sinkNode(this, "trust-boundary") }
+ TrustBoundaryViolationSink() { sinkNode(this, "trust-boundary-violation") }
 }
 /**
diff --git a/shared/mad/codeql/mad/ModelValidation.qll b/shared/mad/codeql/mad/ModelValidation.qll
index d5108c2eeec..7225c2bc1ee 100644
--- a/shared/mad/codeql/mad/ModelValidation.qll
+++ b/shared/mad/codeql/mad/ModelValidation.qll
@@ -33,7 +33,7 @@ module KindValidation { "bean-validation", "fragment-injection", "groovy-injection", "hostname-verification", "information-leak", "intent-redirection", "jexl-injection", "jndi-injection", "mvel-injection", "ognl-injection", "pending-intents", "response-splitting", - "template-injection", "xpath-injection", "xslt-injection", + "trust-boundary-violation", "template-injection", "xpath-injection", "xslt-injection", // JavaScript-only currently, but may be shared in the future "mongodb.sink", "nosql-injection", "unsafe-deserialization", // Swift-only currently, but may be shared in the future
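Review bot: `sinkNode(this, "trust-boundary-violation")` matches the kind by exact string, so a model row still tagged `"trust-boundary"` in any pack this patch does not touch would stop contributing sinks, and the query would report fewer results without any error. The QLDoc on `TrustBoundaryViolationSink` does not name the kind the class depends on; I would extend its sentence to `* A sink for data that crosses a trust boundary, modelled by sink rows of kind "trust-boundary-violation".` so model authors can see the coupling. The comment opens on the line above the hunk, and whether stale rows exist outside these six files cannot be told from the patch.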
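Review bot: The new entry `"trust-boundary-violation"` is placed ahead of `"template-injection"`, which breaks the alphabetical order the neighbouring kinds in this list follow and makes a duplicate or a missing kind harder to spot in later reviews. I would write the added line as `"template-injection", "trust-boundary-violation", "xpath-injection", "xslt-injection",`. The list starts and ends outside this hunk, so the rest of it was not checked.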