Merge pull request #10170 from michaelnebel/java/models-io

Java: Update models for commons-io and add negative models.

Author: michaelnebel

csharp/ql/lib/semmle/code/csharp/dataflow/ExternalFlow.qll

@@ -12,6 +12,8 @@
  *   `namespace; type; subtypes; name; signature; ext; input; output; kind; provenance`
  * - Negative Summaries:
  *   `namespace; type; name; signature; provenance`
+ *   A negative summary is used to indicate that there is no flow via a callable.
+ *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.
  * 1. The `namespace` column selects a namespace.

csharp/ql/lib/semmle/code/csharp/frameworks/GeneratedNegative.qll

@@ -1,9 +1,8 @@
+/** Provides a module for importing negative models. */
+
 /**
  * A module importing all generated negative Models as Data models.
  */
-
-import csharp
-
 private module GeneratedFrameworks {
   private import generated.dotnet.NegativeRuntime
 }

java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll

@@ -12,6 +12,7 @@
  *   `namespace; type; subtypes; name; signature; ext; input; output; kind; provenance`
  * - Negative Summaries:
  *   `namespace; type; name; signature; provenance`
+ *   A negative summary is used to indicate that there is no flow via a callable.
  *
  * The interpretation of a row is similar to API-graphs with a left-to-right
  * reading.

java/ql/lib/semmle/code/java/dataflow/internal/NegativeSummary.qll

@@ -0,0 +1,9 @@
+/** Provides modules for importing negative summaries. */
+
+/**
+ * A module importing the frameworks that provide external flow data,
+ * ensuring that they are visible to the taint tracking / data flow library.
+ */
+private module Frameworks {
+  private import semmle.code.java.frameworks.GeneratedNegative
+}

java/ql/lib/semmle/code/java/frameworks/GeneratedNegative.qll

@@ -0,0 +1,8 @@
+/** Provides a module for importing negative models. */
+
+/**
+ * A module importing all generated negative Models as Data models.
+ */
+private module GeneratedFrameworks {
+  private import apache.NegativeIOGenerated
+}

java/ql/lib/semmle/code/java/frameworks/apache/IOGenerated.qll

@@ -13,7 +13,9 @@ private class IOGeneratedSinksCsv extends SinkModelCsv {
         "org.apache.commons.io.file;PathFilter;true;accept;(Path,BasicFileAttributes);;Argument[0];create-file;generated",
         "org.apache.commons.io.file;PathUtils;false;copyFile;(URL,Path,CopyOption[]);;Argument[0];open-url;generated",
         "org.apache.commons.io.file;PathUtils;false;copyFile;(URL,Path,CopyOption[]);;Argument[1];create-file;generated",
+        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];create-file;generated",
         "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(URL,Path,CopyOption[]);;Argument[0];open-url;generated",
+        "org.apache.commons.io.file;PathUtils;false;copyFileToDirectory;(URL,Path,CopyOption[]);;Argument[1];create-file;generated",
         "org.apache.commons.io.file;PathUtils;false;newOutputStream;(Path,boolean);;Argument[0];create-file;generated",
         "org.apache.commons.io.file;PathUtils;false;writeString;(Path,CharSequence,Charset,OpenOption[]);;Argument[0];create-file;generated",
         "org.apache.commons.io.filefilter;FileFilterUtils;true;filter;(IOFileFilter,File[]);;Argument[1];create-file;generated",
@@ -631,14 +633,10 @@ private class IOGeneratedSummaryCsv extends SummaryModelCsv {
         "org.apache.commons.io;IOUtils;true;readLines;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;readLines;(InputStream,String);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;readLines;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toBufferedInputStream;(InputStream);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toBufferedInputStream;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toBufferedReader;(Reader);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toBufferedReader;(Reader,int);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toByteArray;(InputStream,int);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toByteArray;(InputStream,long);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(Reader);;Argument[0];ReturnValue;taint;generated",
-        "org.apache.commons.io;IOUtils;true;toByteArray;(Reader,String);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toByteArray;(String);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toCharArray;(InputStream);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;IOUtils;true;toCharArray;(InputStream,Charset);;Argument[0];ReturnValue;taint;generated",
@@ -669,7 +667,6 @@ private class IOGeneratedSummaryCsv extends SummaryModelCsv {
         "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream);;Argument[1];Argument[2];taint;generated",
         "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream,Charset);;Argument[1];Argument[2];taint;generated",
         "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,OutputStream,String);;Argument[1];Argument[2];taint;generated",
-        "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[0].Element;Argument[2];taint;generated",
         "org.apache.commons.io;IOUtils;true;writeLines;(Collection,String,Writer);;Argument[1];Argument[2];taint;generated",
         "org.apache.commons.io;IOUtils;true;writer;(Appendable);;Argument[0];ReturnValue;taint;generated",
         "org.apache.commons.io;LineIterator;true;LineIterator;(Reader);;Argument[0];Argument[-1];taint;generated",