java.beans.model.yml
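# CodeQL models-as-data extensions for the java.beans package (pack codeql/java-all).
# The nesting below is restored: with every line at column 0 the document does not
# parse as the extensions -> addsTo/data structure these entries belong to.
extensions:
  # Flow summary. Columns: package, type, subtypes, name, signature, ext, input,
  # output, kind, provenance.
  - addsTo:
      pack: codeql/java-all
      extensible: summaryModel
    data:
      # Taint on the first constructor argument (the XML input) carries over to the
      # XMLDecoder being constructed. The empty signature leaves the overload open;
      # subtypes=False limits the row to XMLDecoder itself.
      - ["java.beans", "XMLDecoder", False, "XMLDecoder", "", "", "Argument[0]", "Argument[this]", "taint", "manual"]
  # Neutral models. Columns: package, type, name, signature, kind, provenance.
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
    data:
      # summary neutrals
      # All four PropertyEditor accessors need to be modeled by regular CodeQL that
      # matches the get and set keys, to reduce false positives.
      # NOTE(review): java.beans.PropertyEditor declares setAsText(String) and
      # setValue(Object); confirm the "()" signature on the two setter rows matches
      # them as intended.
      - ["java.beans", "PropertyEditor", "getAsText", "()", "summary", "df-manual"]
      - ["java.beans", "PropertyEditor", "getValue", "()", "summary", "df-manual"]
      - ["java.beans", "PropertyEditor", "setAsText", "()", "summary", "df-manual"]
      - ["java.beans", "PropertyEditor", "setValue", "()", "summary", "df-manual"]
  # Sink model. Columns: package, type, subtypes, name, signature, ext, input, kind,
  # provenance.
  - addsTo:
      pack: codeql/java-all
      extensible: sinkModel
    data:
      # A tainted decoder on which readObject() is called is an unsafe-deserialization
      # sink: the XML it reads decides which objects get built. subtypes=True also
      # covers readObject() in subclasses of XMLDecoder.
      - ["java.beans", "XMLDecoder", True, "readObject", "()", "", "Argument[this]", "unsafe-deserialization", "manual"]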