
Commit f056045

committed
Finished up
1 parent 1b5299d commit f056045


48 files changed

+1018
-17
lines changed

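--- a/java/ql/lib/ext/jakarta.servlet.http.model.yml
+++ b/java/ql/lib/ext/jakarta.servlet.http.model.yml
@@ -3,11 +3,11 @@ extensions:
 pack: codeql/java-all
 extensible: sourceModel
 data:
-- ["jakarta.servlet.http", "HttpServletRequest", True, "getServletPath", "", "", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getInputStream", "", "()", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getName", "", "()", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getContentType", "", "()", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getHeader", "", "(String)", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getHeaders", "", "(String)", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getHeaderNames", "", "()", "ReturnValue", "remote", "manual"]
-- ["jakarta.servlet.http", "Part", True, "getSubmittedFileName", "", "()", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "HttpServletRequest", True, "getServletPath", "()", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getName", "()", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getHeaders", "(String)", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getHeaderNames", "()", "", "ReturnValue", "remote", "manual"]
+- ["jakarta.servlet.http", "Part", True, "getSubmittedFileName", "()", "", "ReturnValue", "remote", "manual"]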

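--- a/java/ql/lib/ext/org.apache.commons.fileupload.model.yml
+++ b/java/ql/lib/ext/org.apache.commons.fileupload.model.yml
@@ -6,7 +6,7 @@ extensions:
 - ["org.apache.commons.fileupload", "FileItem", True, "getInputStream", "()", "", "ReturnValue", "remote", "manual"]
 - ["org.apache.commons.fileupload", "FileItem", True, "getFieldName", "()", "", "ReturnValue", "remote", "manual"]
 - ["org.apache.commons.fileupload", "FileItem", True, "getContentType", "()", "", "ReturnValue", "remote", "manual"]
-- ["org.apache.commons.fileupload", "FileItem", False, "getString", "()", "", "ReturnValue", "remote", "manual"]
+- ["org.apache.commons.fileupload", "FileItem", True, "getString", "()", "", "ReturnValue", "remote", "manual"]
 - ["org.apache.commons.fileupload", "FileItem", True, "getName", "()", "", "ReturnValue", "remote", "manual"]
 - ["org.apache.commons.fileupload", "FileItem", True, "getName", "(String)", "", "ReturnValue", "remote", "manual"]
 - ["org.apache.commons.fileupload", "FileItem", True, "get", "()", "", "ReturnValue", "remote", "manual"]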
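Review bot: The context row for `"getName", "(String)"` two lines below the changed `getString` row looks like a typo. To my knowledge `FileItem` declares only a parameterless `getName()`, and the overload that takes a `String` is `getString(String encoding)`. If so, that row matches no method and the encoding-aware accessor for uploaded content is not a `remote` source, which would give false negatives for code that reads uploads with an explicit charset. Consider changing the method name in that row to `"getString"`; rows above line 6 are outside the hunk, so confirm the overload is not already modelled there.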

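--- a/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
+++ b/java/ql/test/library-tests/dataflow/taintsources/FileUpload.java
@@ -1,16 +1,17 @@
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import javax.servlet.http.Part;
 import org.apache.commons.fileupload.FileItem;
 import org.apache.commons.fileupload.FileItemStream;
 
+
 public class FileUpload {
 
 private HttpServletRequest request;
 private HttpServletResponse response;
-private Part filePart;
+private javax.servlet.http.Part filePart;
 private FileItem fileItem;
 private FileItemStream fileItemStream;
+private jakarta.servlet.http.Part jakartaPart;
 
 private static void sink(Object o) {}
 
@@ -29,11 +30,17 @@ public void test() throws Exception {
 sink(fileItem.getContentType()); // $ hasRemoteValueFlow
 sink(fileItem.getName()); // $ hasRemoteValueFlow
 
-//These result in a compiler error when uncommented
-//sink(fileItemStream) // $ hasRemoteValueFlow
-//sink(fileItemStream.getFieldName()) // $ hasRemoteValueFlow
-//sink(fileItemStream.getName()) // $ hasRemoteValueFlow
-//sink(fileItemStream.openStream()) // $ hasRemoteValueFlow
+sink(fileItemStream.getFieldName()); // $ hasRemoteValueFlow
+sink(fileItemStream.getName()); // $ hasRemoteValueFlow
+sink(fileItemStream.openStream()); // $ hasRemoteValueFlow
+
+sink(jakartaPart.getContentType()); // $ hasRemoteValueFlow
+sink(jakartaPart.getHeader("test")); // $ hasRemoteValueFlow
+sink(jakartaPart.getInputStream()); // $ hasRemoteValueFlow
+sink(jakartaPart.getHeaders("test")); // $ hasRemoteValueFlow
+sink(jakartaPart.getHeaderNames()); // $ hasRemoteValueFlow
+sink(jakartaPart.getSubmittedFileName()); // $ hasRemoteValueFlow
+sink(jakartaPart.getName()); // $ hasRemoteValueFlow
 
 }
 }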
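Review bot: Two model rows changed in this commit have no sink that would catch a regression, as far as the visible hunks show. The added `jakartaPart` calls cover the seven `Part` rows, but nothing calls `getServletPath()` on a `jakarta.servlet.http.HttpServletRequest`, and `fileItem` is typed as the interface, so the `False` to `True` subtypes change on `FileItem.getString()` is not observable here. If the new jakarta stubs include the request type, adding `private jakarta.servlet.http.HttpServletRequest jakartaRequest;` and `sink(jakartaRequest.getServletPath()); // $ hasRemoteValueFlow` would pin the first; a call through a concrete `FileItem` implementation would pin the second. `test()` starts outside the hunk, so check the existing coverage there first.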
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263
1+
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/jakarta.servlet-api-6.0.0:${testdir}/../../../stubs/apache-commons-fileupload-1.4:${testdir}/../../../stubs/javax-servlet-2.5:${testdir}/../../../stubs/servlet-api-2.4:${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/google-android-9.0.0:${testdir}/../../../stubs/playframework-2.6.x:${testdir}/../../../stubs/jackson-databind-2.12:${testdir}/../../../stubs/jackson-core-2.12:${testdir}/../../../stubs/akka-2.6.x:${testdir}/../../../stubs/jwtk-jjwt-0.11.2:${testdir}/../../../stubs/jenkins:${testdir}/../../../stubs/stapler-1.263

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/AsyncContext.java

Lines changed: 31 additions & 0 deletions

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/AsyncEvent.java

Lines changed: 20 additions & 0 deletions

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/AsyncListener.java

Lines changed: 14 additions & 0 deletions

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/DispatcherType.java

Lines changed: 10 additions & 0 deletions

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/Filter.java

Lines changed: 15 additions & 0 deletions

java/ql/test/stubs/jakarta.servlet-api-6.0.0/jakarta/servlet/FilterChain.java

Lines changed: 11 additions & 0 deletions
