
Commit 2d3b15f

committed
Add more taint models
1 parent fbceb8d commit 2d3b15f


2 files changed

+143
-0
lines changed


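--- a/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/OkHttp.qll
@@ -23,31 +23,48 @@ private class OKHttpSummaries extends SummaryModelCsv {
 "okhttp3;HttpUrl;false;uri;;;Argument[-1];ReturnValue;taint",
 "okhttp3;HttpUrl;false;url;;;Argument[-1];ReturnValue;taint",
 "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint",
 "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;port;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;removeAllQueryParameters;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;removePathSegment;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[-1];ReturnValue;value",
 "okhttp3;HttpUrl$Builder;false;scheme;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value",
+"okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint",
 "okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value",
 ]
 }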
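Review bot: The new `setPathSegment` and `setEncodedPathSegment` rows take taint from `Argument[0]`, which is the `int` index in the calls shown in Test.java (`in.setPathSegment(0, null)`), so a tainted segment string passed as the second argument never taints the builder. The same gap applies to `addEncodedQueryParameter`, `setQueryParameter` and `setEncodedQueryParameter`, which model only the parameter name while `addQueryParameter` uses `Argument[0..1]`. Any taint query that relies on these summaries will presumably miss a URL whose path segment or query value comes from untrusted input. I would use `Argument[1]` for the two segment setters, e.g. `"okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[1];Argument[-1];taint",`, and `Argument[0..1]` for the three query methods, and add matching Test.java cases such as `out.setPathSegment(0, in);` with a `String` source.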

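--- a/java/ql/test/library-tests/frameworks/okhttp/Test.java
+++ b/java/ql/test/library-tests/frameworks/okhttp/Test.java
@@ -28,41 +28,90 @@ public void test() throws Exception {
 out = in.addEncodedPathSegment(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addEncodedPathSegment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addEncodedPathSegment(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.addEncodedPathSegments(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addEncodedPathSegments;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addEncodedPathSegments(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.addEncodedQueryParameter(null, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addEncodedQueryParameter;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addEncodedQueryParameter(in, null);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.addPathSegment(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addPathSegment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addPathSegment(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.addPathSegments(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addPathSegments;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addPathSegments(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.addQueryParameter(null, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addQueryParameter(in, null);
+sink(out); // $ hasTaintFlow
+}
+{
+// "okhttp3;HttpUrl$Builder;false;addQueryParameter;;;Argument[0..1];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.addQueryParameter(null, in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;build;;;Argument[-1];ReturnValue;taint"
 HttpUrl out = null;
@@ -77,6 +126,13 @@ public void test() throws Exception {
 out = in.encodedFragment(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;encodedFragment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.encodedFragment(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;encodedPassword;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
@@ -91,13 +147,27 @@ public void test() throws Exception {
 out = in.encodedPath(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;encodedPath;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.encodedPath(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.encodedQuery(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;encodedQuery;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.encodedQuery(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;encodedUsername;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
@@ -112,13 +182,27 @@ public void test() throws Exception {
 out = in.fragment(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;fragment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.fragment(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;host;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.host(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;host;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.host(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;password;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
@@ -133,13 +217,27 @@ public void test() throws Exception {
 out = in.port(0);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;port;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+int in = (int) source();
+out.port(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;query;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.query(null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;query;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.query(in);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;removeAllEncodedQueryParameters;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
@@ -182,27 +280,55 @@ public void test() throws Exception {
 out = in.setEncodedPathSegment(0, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;setEncodedPathSegment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+int in = (int) source();
+out.setEncodedPathSegment(in, null);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.setEncodedQueryParameter(null, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;setEncodedQueryParameter;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.setEncodedQueryParameter(in, null);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.setPathSegment(0, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;setPathSegment;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+int in = (int) source();
+out.setPathSegment(in, null);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;
 HttpUrl.Builder in = (HttpUrl.Builder) source();
 out = in.setQueryParameter(null, null);
 sink(out); // $ hasValueFlow
 }
+{
+// "okhttp3;HttpUrl$Builder;false;setQueryParameter;;;Argument[0];Argument[-1];taint"
+HttpUrl.Builder out = null;
+String in = (String) source();
+out.setQueryParameter(in, null);
+sink(out); // $ hasTaintFlow
+}
 {
 // "okhttp3;HttpUrl$Builder;false;username;;;Argument[-1];ReturnValue;value"
 HttpUrl.Builder out = null;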
