Merge pull request #14580 from github/java/update-mad-decls-after-triage-2023-10-24T15-42-01

atorralba · web-flow · commit e744d974e83c · 2023-12-20T15:01:24.000+01:00
Java: Update MaD Declarations after Triage
diff --git a/java/ql/lib/change-notes/2023-10-24-new-models.md b/java/ql/lib/change-notes/2023-10-24-new-models.md
@@ -0,0 +1,12 @@
+---
+category: minorAnalysis
+---
+* Added models for the following packages:
+
+  * com.alibaba.druid.sql.repository
+  * jakarta.persistence
+  * jakarta.persistence.criteria
+  * liquibase.database.jvm
+  * liquibase.statement.core
+  * org.apache.ibatis.mapping
+  * org.keycloak.models.map.storage
diff --git a/java/ql/lib/ext/com.alibaba.druid.sql.repository.model.yml b/java/ql/lib/ext/com.alibaba.druid.sql.repository.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["com.alibaba.druid.sql.repository", "SchemaRepository", True, "console", "(String)", "", "Argument[0]", "sql-injection", "ai-manual"]
diff --git a/java/ql/lib/ext/jakarta.persistence.criteria.model.yml b/java/ql/lib/ext/jakarta.persistence.criteria.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["jakarta.persistence.criteria", "CriteriaBuilder", True, "concat", "(String,Expression)", "", "Argument[1]", "ReturnValue", "taint", "ai-manual"]
diff --git a/java/ql/lib/ext/jakarta.persistence.model.yml b/java/ql/lib/ext/jakarta.persistence.model.yml
@@ -0,0 +1,7 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["jakarta.persistence", "EntityManager", True, "createNativeQuery", "(String,Class)", "", "Argument[0]", "sql-injection", "ai-manual"]
+      - ["jakarta.persistence", "EntityManager", True, "createQuery", "(CriteriaDelete)", "", "Argument[0]", "sql-injection", "ai-manual"]
diff --git a/java/ql/lib/ext/liquibase.database.jvm.model.yml b/java/ql/lib/ext/liquibase.database.jvm.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["liquibase.database.jvm", "JdbcConnection", True, "prepareStatement", "(String)", "", "Argument[0]", "sql-injection", "ai-manual"]
diff --git a/java/ql/lib/ext/liquibase.statement.core.model.yml b/java/ql/lib/ext/liquibase.statement.core.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["liquibase.statement.core", "RawSqlStatement", True, "RawSqlStatement", "(String)", "", "Argument[0]", "sql-injection", "ai-manual"]
diff --git a/java/ql/lib/ext/org.apache.ibatis.mapping.model.yml b/java/ql/lib/ext/org.apache.ibatis.mapping.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["org.apache.ibatis.mapping", "BoundSql", True, "getSql", "()", "", "Argument[this]", "ReturnValue", "taint", "ai-manual"]
diff --git a/java/ql/lib/ext/org.keycloak.models.map.storage.model.yml b/java/ql/lib/ext/org.keycloak.models.map.storage.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.keycloak.models.map.storage", "MapStorage", True, "delete", "(QueryParameters)", "", "Argument[0]", "sql-injection", "ai-manual"]
