Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01

Java: Update MaD Declarations after Triage

Author: atorralba

java/ql/lib/change-notes/2023-10-31-new-models.md

@@ -0,0 +1,16 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.google.common.io
+  * hudson
+  * hudson.console
+  * java.lang
+  * java.net
+  * java.util.logging
+  * javax.imageio.stream
+  * org.apache.commons.io
+  * org.apache.hadoop.hive.ql.exec
+  * org.apache.hadoop.hive.ql.metadata
+  * org.apache.tools.ant.taskdefs

java/ql/lib/ext/com.google.common.io.model.yml

@@ -3,9 +3,11 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["com.google.common.io", "Files", False, "asByteSink", "(File,FileWriteMode[])", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "asCharSink", "(File,Charset,FileWriteMode[])", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["com.google.common.io", "Files", False, "newWriter", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]

java/ql/lib/ext/hudson.console.model.yml

@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["hudson.console", "AnnotatedLargeText", True, "AnnotatedLargeText", "(File,Charset,boolean,Object)", "", "Argument[0]", "Argument[this]", "taint", "ai-manual"]

java/ql/lib/ext/hudson.model.yml

@@ -3,6 +3,8 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["hudson", "FilePath", False, "tar", "(OutputStream,String)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["hudson", "FilePath", False, "unzipFrom", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["hudson", "FilePath", True, "copyFrom", "", "", "Argument[this]", "path-injection", "manual"]
       - ["hudson", "FilePath", True, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"]
       - ["hudson", "FilePath", True, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"]
@@ -32,6 +34,7 @@ extensions:
       - ["hudson", "Launcher$ProcStarter", False, "cmdAsSingleString", "", "", "Argument[0]", "command-injection", "manual"]
       - ["hudson", "Launcher", True, "launch", "", "", "Argument[0]", "command-injection", "manual"]
       - ["hudson", "Launcher", True, "launchChannel", "", "", "Argument[0]", "command-injection", "manual"]
+      - ["hudson", "XmlFile", False, "XmlFile", "(XStream,File)", "", "Argument[1]", "path-injection", "ai-manual"]
   - addsTo:
       pack: codeql/java-all
       extensible: sourceModel

java/ql/lib/ext/java.lang.model.yml

@@ -13,6 +13,7 @@ extensions:
       - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"]
       - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(List)", "", "Argument[0]", "command-injection", "ai-manual"]
       - ["java.lang", "ProcessBuilder", False, "ProcessBuilder", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
+      - ["java.lang", "ProcessBuilder", False, "redirectError", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["java.lang", "Runtime", True, "exec", "(String)", "", "Argument[0]", "command-injection", "ai-manual"]
       - ["java.lang", "Runtime", True, "exec", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"]
       - ["java.lang", "Runtime", True, "exec", "(String[],String[])", "", "Argument[0]", "command-injection", "ai-manual"]

java/ql/lib/ext/java.net.model.yml

@@ -9,6 +9,7 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["java.net", "DatagramPacket", False, "DatagramPacket", "(byte[],int,InetAddress,int)", "", "Argument[2]", "request-forgery", "ai-manual"]
       - ["java.net", "DatagramSocket", True, "connect", "(SocketAddress)", "", "Argument[0]", "request-forgery", "ai-manual"]
       - ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String,char[])", "", "Argument[1]", "credentials-password", "hq-generated"]
       - ["java.net", "Socket", True, "Socket", "(String,int)", "", "Argument[0]", "request-forgery", "ai-manual"]

java/ql/lib/ext/java.util.logging.model.yml

@@ -3,6 +3,8 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["java.util.logging", "FileHandler", True, "FileHandler", "(String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["java.util.logging", "FileHandler", True, "FileHandler", "(String,int,int)", "", "Argument[0]", "path-injection", "ai-manual"]
       - ["java.util.logging", "Logger", True, "config", "", "", "Argument[0]", "log-injection", "manual"]
       - ["java.util.logging", "Logger", True, "entering", "(String,String)", "", "Argument[0..1]", "log-injection", "manual"]
       - ["java.util.logging", "Logger", True, "entering", "(String,String,Object)", "", "Argument[0..2]", "log-injection", "manual"]
@@ -44,7 +46,6 @@ extensions:
       - ["java.util.logging", "Logger", False, "getLogger", "(String)", "", "Argument[0]", "ReturnValue.SyntheticField[java.util.logging.Logger.name]", "value", "manual"]
       - ["java.util.logging", "Logger", False, "getName", "()", "", "Argument[this].SyntheticField[java.util.logging.Logger.name]", "ReturnValue", "value", "manual"]
       - ["java.util.logging", "LogRecord", False, "LogRecord", "", "", "Argument[1]", "Argument[this]", "taint", "manual"]
-
   - addsTo:
       pack: codeql/java-all
       extensible: neutralModel

java/ql/lib/ext/javax.imageio.stream.model.yml

@@ -1,7 +1,11 @@
 extensions:
-
   - addsTo:
       pack: codeql/java-all
       extensible: summaryModel
     data:
       - ["javax.imageio.stream", "FileCacheImageInputStream", True, "FileCacheImageInputStream", "(InputStream,File)", "", "Argument[0]", "Argument[this].Element", "taint", "ai-manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["javax.imageio.stream", "FileImageOutputStream", True, "FileImageOutputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]

java/ql/lib/ext/org.apache.commons.io.model.yml

@@ -3,6 +3,8 @@ extensions:
       pack: codeql/java-all
       extensible: summaryModel
     data:
+      - ["org.apache.commons.io", "FileUtils", False, "listFiles", "(File,IOFileFilter,IOFileFilter)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"]
+      - ["org.apache.commons.io", "FileUtils", False, "listFiles", "(File,String[],boolean)", "", "Argument[0]", "ReturnValue.Element", "taint", "ai-manual"]
       # Models that are not yet auto generated or where the generated summaries will
       # be ignored.
       # Note that if a callable has any handwritten summary, all generated summaries
@@ -16,8 +18,14 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
+      - ["org.apache.commons.io", "FileUtils", False, "forceMkdir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["org.apache.commons.io", "FileUtils", False, "moveDirectory", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["org.apache.commons.io", "FileUtils", False, "readFileToByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["org.apache.commons.io", "FileUtils", False, "writeLines", "(File,String,Collection,String)", "", "Argument[3]", "file-content-store", "ai-manual"]
+      - ["org.apache.commons.io", "FileUtils", False, "writeStringToFile", "(File,String,Charset,boolean)", "", "Argument[1]", "file-content-store", "ai-manual"]
       - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"]
       - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"]
       - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"]
       - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"]
       - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"]
+      - ["org.apache.commons.io", "IOUtils", False, "resourceToString", "(String,Charset)", "", "Argument[0]", "path-injection", "ai-manual"]

java/ql/lib/ext/org.apache.hadoop.hive.ql.exec.model.yml

@@ -0,0 +1,11 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.hadoop.hive.ql.exec", "Utilities", False, "renameOrMoveFilesInParallel", "(Configuration,FileSystem,Path,Path)", "", "Argument[2]", "path-injection", "ai-manual"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.hadoop.hive.ql.exec", "Utilities", False, "replaceTaskIdFromFilename", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "ai-manual"]