Merge pull request github#12463 from github/java/update-mad-decls-after-triage-2023-03-09T10-41-58

Java: Add MaD declarations after triage

Author: kaeluka

java/ql/lib/ext/com.thoughtworks.xstream.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.thoughtworks.xstream", "XStream", True, "fromXML", "(File)", "", "Argument[0]", "read-file", "ai-generated"]

java/ql/lib/ext/hudson.remoting.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["hudson.remoting", "URLDeserializationHelper", True, "wrapIfRequired", "(URL)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]

java/ql/lib/ext/io.netty.resolver.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["io.netty.resolver", "SimpleNameResolver", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]

java/ql/lib/ext/java.io.model.yml

@@ -87,9 +87,7 @@ extensions:
       - ["java.io", "OutputStream", True, "write", "(byte[],int,int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.io", "OutputStream", True, "write", "(int)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.io", "Reader", True, "read", "", "", "Argument[-1]", "Argument[0]", "taint", "manual"]
-      - ["java.io", "Reader", True, "read", "()", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "StringReader", False, "StringReader", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
-      - ["java.io", "Writer", True, "toString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.io", "Writer", True, "write", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
   - addsTo:
       pack: codeql/java-all

java/ql/lib/ext/java.net.model.yml

@@ -9,7 +9,9 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "open-url", "ai-generated"]
       - ["java.net", "URL", False, "openConnection", "", "", "Argument[-1]", "open-url", "manual"]
+      - ["java.net", "URL", False, "openConnection", "(Proxy)", "", "Argument[0]", "open-url", "ai-generated"]
       - ["java.net", "URL", False, "openStream", "", "", "Argument[-1]", "open-url", "manual"]
       - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader)", "", "Argument[1]", "open-url", "manual"]
       - ["java.net", "URLClassLoader", False, "URLClassLoader", "(String,URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[1]", "open-url", "manual"]
@@ -21,6 +23,11 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
+      - ["java.net", "InetAddress", True, "getByName", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["java.net", "InetSocketAddress", True, "createUnresolved", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["java.net", "InetSocketAddress", True, "InetSocketAddress", "(String,int)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
+      - ["java.net", "URI", False, "resolve", "(String)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
+      - ["java.net", "URI", False, "resolve", "(URI)", "", "Argument[0]", "ReturnValue", "taint", "ai-generated"]
       - ["java.net", "URI", False, "URI", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.net", "URI", False, "create", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URI", False, "toASCIIString", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
@@ -29,4 +36,6 @@ extensions:
       - ["java.net", "URL", False, "URL", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["java.net", "URL", False, "toURI", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.net", "URL", False, "toExternalForm", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+      - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
+      - ["java.net", "URL", False, "URL", "(URL,String)", "", "Argument[1]", "Argument[-1]", "taint", "ai-generated"] # @atorralba: review for consistency
       - ["java.net", "URLDecoder", False, "decode", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]

java/ql/lib/ext/java.nio.file.model.yml

@@ -12,7 +12,11 @@ extensions:
       - ["java.nio.file", "Files", False, "createSymbolicLink", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "createTempDirectory", "(Path,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "createTempFile", "(Path,String,String,FileAttribute[])", "", "Argument[0]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "delete", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file
+      - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "create-file", "ai-generated"] # should be delete-file
+      - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "create-file", "manual"]
+      - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "read-file", "ai-generated"]
       - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "create-file", "manual"]
       - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "create-file", "manual"]
@@ -24,7 +28,6 @@ extensions:
       extensible: summaryModel
     data:
       - ["java.nio.file", "FileSystem", True, "getPath", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
-      - ["java.nio.file", "FileSystem", True, "getRootDirectories", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["java.nio.file", "Path", True, "getParent", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.nio.file", "Path", True, "normalize", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
       - ["java.nio.file", "Path", True, "resolve", "", "", "Argument[-1..0]", "ReturnValue", "taint", "manual"]

java/ql/lib/ext/javax.xml.transform.stream.model.yml

@@ -5,3 +5,8 @@ extensions:
     data:
       - ["javax.xml.transform.stream", "StreamSource", False, "StreamSource", "", "", "Argument[0]", "Argument[-1]", "taint", "manual"]
       - ["javax.xml.transform.stream", "StreamSource", False, "getInputStream", "", "", "Argument[-1]", "ReturnValue", "taint", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.xml.transform.stream", "StreamResult", True, "StreamResult", "(File)", "", "Argument[0]", "create-file", "ai-generated"]

java/ql/lib/ext/org.apache.commons.compress.archivers.tar.model.yml

@@ -3,5 +3,7 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
-      - ["org.apache.commons.compress.archivers.tar", "TarArchiveEntry", True, "TarArchiveEntry", "(String,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
       - ["org.apache.commons.compress.archivers.tar", "TarArchiveEntry", True, "TarArchiveEntry", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
+      - ["org.apache.commons.compress.archivers.tar", "TarArchiveEntry", True, "TarArchiveEntry", "(String,boolean)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
+      - ["org.apache.commons.compress.archivers.tar", "TarArchiveEntry", True, "TarArchiveEntry", "(String,byte)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]
+      - ["org.apache.commons.compress.archivers.tar", "TarArchiveEntry", True, "setLinkName", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]

java/ql/lib/ext/org.apache.commons.io.model.yml

@@ -12,3 +12,8 @@ extensions:
       - ["org.apache.commons.io", "IOUtils", True, "toByteArray", "(Reader,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
       - ["org.apache.commons.io", "IOUtils", True, "writeLines", "(Collection,String,Writer)", "", "Argument[0].Element", "Argument[2]", "taint", "manual"]
       - ["org.apache.commons.io", "IOUtils", True, "writeLines", "(Collection,String,Writer)", "", "Argument[1]", "Argument[2]", "taint", "manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "read-file", "ai-generated"]

java/ql/lib/ext/org.apache.commons.jelly.model.yml

@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[1]", "open-url", "ai-generated"]
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL,URL)", "", "Argument[2]", "open-url", "ai-generated"]
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(JellyContext,URL)", "", "Argument[1]", "open-url", "ai-generated"]
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[0]", "open-url", "ai-generated"]
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL,URL)", "", "Argument[1]", "open-url", "ai-generated"]
+      - ["org.apache.commons.jelly", "JellyContext", True, "JellyContext", "(URL)", "", "Argument[0]", "open-url", "ai-generated"]

java/ql/lib/ext/org.apache.tools.ant.model.yml

@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.tools.ant", "AntClassLoader", True, "addPathComponent", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(ClassLoader,Project,Path,boolean)", "", "Argument[2]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path,boolean)", "", "Argument[1]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path)", "", "Argument[1]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant", "DirectoryScanner", True, "setBasedir", "(File)", "", "Argument[0]", "read-file", "ai-generated"]

java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml

@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.tools.ant.taskdefs", "Copy", True, "addFileset", "(FileSet)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant.taskdefs", "Copy", True, "setFile", "(File)", "", "Argument[0]", "read-file", "ai-generated"]
+      - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTodir", "(File)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTofile", "(File)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["org.apache.tools.ant.taskdefs", "Expand", True, "setDest", "(File)", "", "Argument[0]", "create-file", "ai-generated"]
+      - ["org.apache.tools.ant.taskdefs", "Expand", True, "setSrc", "(File)", "", "Argument[0]", "read-file", "ai-generated"]

java/ql/lib/ext/org.apache.tools.zip.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.tools.zip", "ZipEntry", True, "ZipEntry", "(String)", "", "Argument[0]", "Argument[-1]", "taint", "ai-generated"]

java/ql/lib/ext/org.kohsuke.stapler.framework.adjunct.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.kohsuke.stapler.framework.adjunct", "AdjunctManager", True, "AdjunctManager", "(ServletContext,ClassLoader,String,long)", "", "Argument[2]", "Argument[-1].Field[org.kohsuke.stapler.framework.adjunct.AdjunctManager.rootURL]", "taint", "ai-generated"] # the class never accesses the URL, but the field is public

java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.kohsuke.stapler.framework.io", "LargeText", True, "LargeText", "(File,Charset,boolean,boolean)", "", "Argument[0]", "read-file", "ai-generated"]

java/ql/lib/ext/org.kohsuke.stapler.model.yml

@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.kohsuke.stapler", "HttpResponses", True, "redirectTo", "(String)", "", "Argument[0]", "url-redirect", "ai-generated"]
+      - ["org.kohsuke.stapler", "HttpResponses", True, "staticResource", "(URL)", "", "Argument[0]", "open-url", "ai-generated"]

java/ql/lib/ext/org.openjdk.jmh.runner.options.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.openjdk.jmh.runner.options", "ChainedOptionsBuilder", True, "result", "(String)", "", "Argument[0]", "create-file", "ai-generated"]

java/ql/test/library-tests/frameworks/apache-ant/Test.java

@@ -0,0 +1,26 @@
+package generatedtest;
+
+import org.apache.tools.zip.ZipEntry;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() {
+		return null;
+	}
+
+	void sink(Object o) {}
+
+	public void test() throws Exception {
+
+		{
+			// "org.apache.tools.zip;ZipEntry;true;ZipEntry;(String);;Argument[0];Argument[-1];taint;ai-generated"
+			ZipEntry out = null;
+			String in = (String) source();
+			out = new ZipEntry(in);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}

java/ql/test/library-tests/frameworks/apache-ant/options

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-ant-1.10.13

java/ql/test/library-tests/frameworks/apache-ant/test.expected

@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest

java/ql/test/library-tests/frameworks/apache-ant/test.ql

@@ -26,6 +26,20 @@ public void test() throws Exception {
 			out = new TarArchiveEntry(in, false);
 			sink(out); // $ hasTaintFlow
 		}
+		{
+			// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;TarArchiveEntry;(String,byte);;Argument[0];Argument[-1];taint;ai-generated"
+			TarArchiveEntry out = null;
+			String in = (String) source();
+			out = new TarArchiveEntry(in, (byte) 0);
+			sink(out); // $ hasTaintFlow
+		}
+		{
+			// "org.apache.commons.compress.archivers.tar;TarArchiveEntry;true;setLinkName;(String);;Argument[0];Argument[-1];taint;ai-generated"
+			TarArchiveEntry out = null;
+			String in = (String) source();
+			out.setLinkName(in);
+			sink(out); // $ hasTaintFlow
+		}
 
 	}
 

java/ql/test/library-tests/frameworks/apache-commons-compress/Test.java

@@ -0,0 +1,28 @@
+package generatedtest;
+
+import hudson.remoting.URLDeserializationHelper;
+import java.net.URL;
+
+// Test case generated by GenerateFlowTestCase.ql
+public class Test {
+
+	Object source() {
+		return null;
+	}
+
+	void sink(Object o) {
+	}
+
+	public void test() throws Exception {
+
+		{
+			// "hudson.remoting;URLDeserializationHelper;true;wrapIfRequired;(URL);;Argument[0];ReturnValue;taint;ai-generated"
+			URL out = null;
+			URL in = (URL) source();
+			out = URLDeserializationHelper.wrapIfRequired(in);
+			sink(out); // $ hasTaintFlow
+		}
+
+	}
+
+}

java/ql/test/library-tests/frameworks/hudson/Test.java

@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jenkins

java/ql/test/library-tests/frameworks/hudson/options

@@ -0,0 +1,2 @@
+import java
+import TestUtilities.InlineFlowTest