Merge pull request #16062 from atorralba/atorralba/java/more-neutrals

Java: Add more neutrals and improve `java.net.URL` models
2024-03-27 10:41:38 +01:00 · 2024-03-27 10:41:38 +01:00 · b617667b0e
--- a/java/ql/lib/change-notes/2024-03-26-url-models-precision.md
+++ b/java/ql/lib/change-notes/2024-03-26-url-models-precision.md
@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Increased the precision of some dataflow models of the class `java.net.URL` by distinguishing the parts of a URL.
--- a/java/ql/lib/ext/java.net.model.yml
+++ b/java/ql/lib/ext/java.net.model.yml
@ -18,6 +18,7 @@ extensions:
      - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"]
      - ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String,char[])", "", "Argument[1]", "credentials-password", "hq-generated"]
      - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"]
+      - ["java.net", "URL", False, "getContent", "", "", "Argument[this]", "request-forgery", "manual"]
      - ["java.net", "URL", False, "openConnection", "", "", "Argument[this]", "request-forgery", "manual"]
      - ["java.net", "URL", False, "openConnection", "(Proxy)", "", "Argument[0]", "request-forgery", "ai-manual"]
      - ["java.net", "URL", False, "openStream", "", "", "Argument[this]", "request-forgery", "manual"]
@ -52,9 +53,16 @@ extensions:
      - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["java.net", "URI", False, "toString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
      - ["java.net", "URI", False, "toURL", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
-      - ["java.net", "URL", False, "getFile", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
-      - ["java.net", "URL", False, "getPath", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
+      - ["java.net", "URL", False, "getFile", "()", "", "Argument[this].SyntheticField[java.net.URL.path]", "ReturnValue", "taint", "ai-manual"]
+      - ["java.net", "URL", False, "getPath", "()", "", "Argument[this].SyntheticField[java.net.URL.path]", "ReturnValue", "taint", "ai-manual"]
+      - ["java.net", "URL", False, "getQuery", "()", "", "Argument[this].SyntheticField[java.net.URL.path]", "ReturnValue", "taint", "df-manual"] # query is part of the path
      - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,int,String)", "", "Argument[1]", "Argument[this]", "taint", "df-manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,int,String)", "", "Argument[3]", "Argument[this].SyntheticField[java.net.URL.path]", "taint", "df-manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,int,String,URLStreamHandler)", "", "Argument[1]", "Argument[this]", "taint", "df-manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,int,String,URLStreamHandler)", "", "Argument[3]", "Argument[this].SyntheticField[java.net.URL.path]", "taint", "df-manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,String)", "", "Argument[1]", "Argument[this]", "taint", "df-manual"]
+      - ["java.net", "URL", False, "URL", "(String,String,String)", "", "Argument[2]", "Argument[this].SyntheticField[java.net.URL.path]", "taint", "df-manual"]
      - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]
      - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[this]", "taint", "ai-manual"]
      - ["java.net", "URL", False, "toExternalForm", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@ -69,3 +77,9 @@ extensions:
      - ["java.net", "Socket", "getOutputStream", "()", "summary", "df-manual"]
      - ["java.net", "Socket", "connect", "(SocketAddress)", "summary", "df-manual"]
      - ["java.net", "Socket", "connect", "(SocketAddress,int)", "summary", "df-manual"]
+      - ["java.net", "URL", "getContent", "()", "summary", "df-manual"]
+      - ["java.net", "URL", "getDefaultPort", "()", "summary", "df-manual"]
+      - ["java.net", "URL", "getPort", "()", "summary", "df-manual"]
+      - ["java.net", "URL", "getProtocol", "()", "summary", "df-manual"]
+      - ["java.net", "URL", "openConnection", "()", "summary", "df-manual"]
+      - ["java.net", "URL", "openStream", "()", "summary", "df-manual"]
--- a/java/ql/lib/ext/java.nio.file.model.yml
+++ b/java/ql/lib/ext/java.nio.file.model.yml
@ -90,8 +90,31 @@ extensions:
      extensible: neutralModel
    data:
      # summary neutrals
-      - ["java.nio.file", "Files", "exists", "(Path,LinkOption[])", "summary", "manual"]
-      - ["java.nio.file", "Files", "newInputStream", "(Path,OpenOption[])", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "copy", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createDirectories", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createDirectory", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createFile", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createLink", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createSymbolicLink", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createTempDirectory", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "createTempFile", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "delete", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "deleteIfExists", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "getFileStore", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "exists", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "lines", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "move", "", summary, "df-manual"]
+      - ["java.nio.file", "Files", "newBufferedReader", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "newBufferedWriter", "", summary, "df-manual"]
+      - ["java.nio.file", "Files", "newInputStream", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "newOutputStream", "", summary, "df-manual"]
+      - ["java.nio.file", "Files", "notExists", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "probeContentType", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "readAllBytes", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "readAllLines", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "readString", "", "summary", "df-manual"]
+      - ["java.nio.file", "Files", "write", "", summary, "df-manual"]
+      - ["java.nio.file", "Files", "writeString", "", summary, "df-manual"]
      # sink neutrals
      - ["java.nio.file", "Files", "getLastModifiedTime", "", "sink", "hq-manual"]
      - ["java.nio.file", "Files", "getOwner", "", "sink", "hq-manual"]
--- a/java/ql/lib/ext/java.security.cert.model.yml
+++ b/java/ql/lib/ext/java.security.cert.model.yml
@ -4,3 +4,43 @@ extensions:
      extensible: sinkModel
    data:
      - ["java.security.cert", "X509CertSelector", False, "setSubjectPublicKey", "(byte[])", "", "Argument[0]", "credentials-key", "hq-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: neutralModel
+    data:
+      - ["java.security.cert", "CertificateFactory", "CertificateFactory", "(CertificateFactorySpi,Provider,String)", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "generateCertificate", "(InputStream)", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "generateCertificates", "(InputStream)", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "generateCertPath", "", "summary", "df-manual"] 
+      - ["java.security.cert", "CertificateFactory", "generateCRL", "(InputStream)", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "generateCRLs", "(InputStream)", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "getCertPathEncodings", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "getInstance", "", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "getProvider", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertificateFactory", "getType", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "CertStore", "(CertStoreSpi,Provider,String,CertStoreParameters)", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getCertificates", "(CertSelector)", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getCertStoreCertificates", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getCRLs", "(CRLSelector)", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getDefaultType", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getInstance", "", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getProvider", "()", "summary", "df-manual"]
+      - ["java.security.cert", "CertStore", "getType", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "PKIXParameters", "", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "addCertPathChecker", "(PKIXCertPathChecker)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "addCertStore", "(CertStore)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getCertPathCheckers", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getCertStores", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getDate", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getInitialPolicies", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getPolicyQualifiersRejected", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getSigProvider", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getTargetCertConstraints", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "getTrustAnchors", "()", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setAnyPolicyInhibited", "(boolean)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setCertPathCheckers", "(List)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setCertStores", "(List)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setDate", "(Date)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setSigProvider", "(String)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setTargetConstraints", "(CertSelector)", "summary", "df-manual"]
+      - ["java.security.cert", "PKIXParameters", "setTrustAnchors", "(Set)", "summary", "df-manual"]
--- a/java/ql/lib/ext/java.security.model.yml
+++ b/java/ql/lib/ext/java.security.model.yml
@ -15,6 +15,17 @@ extensions:
      - ["java.security", "KeyStoreSpi", True, "engineSetKeyEntry", "(String,Key,char[],Certificate[])", "", "Argument[2]", "credentials-password", "hq-generated"]
      - ["java.security", "KeyStoreSpi", True, "engineStore", "(OutputStream,char[])", "", "Argument[1]", "credentials-password", "hq-generated"]
      - ["java.security", "KeyStoreSpi", True, "engineSetKeyEntry", "(String,byte[],Certificate[])", "", "Argument[1]", "credentials-key", "hq-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.security", "CodeSource", False, "CodeSource", "(URL,Certificate[])", "", "Argument[0]", "Argument[this]", "taint", "df-manual"]
+      - ["java.security", "CodeSource", False, "CodeSource", "(URL,Certificate[])", "", "Argument[1].ArrayElement", "Argument[this].SyntheticField[java.security.CodeSource.certificates].ArrayElement", "value", "df-manual"]
+      - ["java.security", "CodeSource", False, "CodeSource", "(URL,CodeSigner[])", "", "Argument[0]", "Argument[this]", "taint", "df-manual"]
+      - ["java.security", "CodeSource", False, "CodeSource", "(URL,CodeSigner[])", "", "Argument[1].ArrayElement", "Argument[this].SyntheticField[java.security.CodeSource.codeSigners].ArrayElement", "value", "df-manual"]
+      - ["java.security", "CodeSource", False, "getCertificates", "()", "", "Argument[this].SyntheticField[java.security.CodeSource.certificates].ArrayElement", "ReturnValue.ArrayElement", "value", "df-manual"]
+      - ["java.security", "CodeSource", False, "getCodeSigners", "()", "", "Argument[this].SyntheticField[java.security.CodeSource.codeSigners].ArrayElement", "ReturnValue.ArrayElement", "value", "df-manual"]
+      - ["java.security", "CodeSource", False, "getLocation", "()", "", "Argument[this]", "ReturnValue", "taint", "df-manual"]
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel