Java: Add source and sink kind model validation.

michaelnebel · michaelnebel · commit e851b03c6f31 · 2022-06-20T16:20:02.000+02:00
diff --git a/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll b/java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll
@@ -629,6 +629,27 @@ module CsvValidation {
       not kind = ["taint", "value"] and
       msg = "Invalid kind \"" + kind + "\" in summary model."
     )
+    or
+    exists(string row, string kind | sinkModel(row) |
+      kind = row.splitAt(";", 7) and
+      not kind =
+        [
+          "open-url", "jndi-injection", "ldap", "sql", "jdbc-url", "logging", "mvel", "xpath",
+          "groovy", "xss", "ognl-injection", "intent-start", "pending-intent-sent",
+          "url-open-stream", "url-redirect", "create-file", "write-file", "set-hostname-verifier",
+          "header-splitting", "information-leak", "xslt", "jexl", "bean-validation"
+        ] and
+      not kind.matches("regex-use%") and
+      not kind.matches("qltest%") and
+      msg = "Invalid kind \"" + kind + "\" in sink model."
+    )
+    or
+    exists(string row, string kind | sourceModel(row) |
+      kind = row.splitAt(";", 7) and
+      not kind = ["remote", "contentprovider", "android-widget"] and
+      not kind.matches("qltest%") and
+      msg = "Invalid kind \"" + kind + "\" in source model."
+    )
   }
 }
 
