
Commit 3486ce2

author
Sauyon Lee
committed
Add taint models for org.springframework.util.StringUtils
1 parent a2c8402 commit 3486ce2


2 files changed

+52
-0
lines changed

2 files changed

+52
-0
lines changed

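--- a/java/ql/src/semmle/code/java/frameworks/spring/Spring.qll
+++ b/java/ql/src/semmle/code/java/frameworks/spring/Spring.qll
@@ -32,6 +32,7 @@ import semmle.code.java.frameworks.spring.SpringQualifier
 import semmle.code.java.frameworks.spring.SpringRef
 import semmle.code.java.frameworks.spring.SpringReplacedMethod
 import semmle.code.java.frameworks.spring.SpringSet
+import semmle.code.java.frameworks.spring.SpringStringUtils
 import semmle.code.java.frameworks.spring.SpringValue
 import semmle.code.java.frameworks.spring.SpringXMLElement
 import semmle.code.java.frameworks.spring.metrics.MetricSpringBean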
Lines changed: 51 additions & 0 deletions
@@ -0,0 +1,51 @@
1+
/** Definitions of flow steps through utility methods of `org.springframework.util.SpringUtils`. */
2+
3+
import java
4+
private import semmle.code.java.dataflow.ExternalFlow
5+
6+
private class SpringStringUtilsModel extends SummaryModelCsv {
7+
override predicate row(string row) {
8+
row =
9+
[
10+
"org.springframework.util;StringUtils;false;addStringToArray;;;Argument[0..1];ReturnValue;taint",
11+
"org.springframework.util;StringUtils;false;applyRelativePath;;;Argument[0..1];ReturnValue;taint",
12+
"org.springframework.util;StringUtils;false;arrayToCommaDelimitedString;;;Argument[0];ReturnValue;taint",
13+
"org.springframework.util;StringUtils;false;arrayToDelimitedString;;;Argument[0..1];ReturnValue;taint",
14+
"org.springframework.util;StringUtils;false;capitalize;;;Argument[0];ReturnValue;taint",
15+
"org.springframework.util;StringUtils;false;cleanPath;;;Argument[0];ReturnValue;taint",
16+
"org.springframework.util;StringUtils;false;collectionToCommaDelimitedString;;;Argument[0];ReturnValue;taint",
17+
"org.springframework.util;StringUtils;false;collectionToDelimitedString;;;Argument[0..1];ReturnValue;taint",
18+
"org.springframework.util;StringUtils;false;collectionToDelimitedString;(java.util.Collection,java.lang.String,java.lang.String,java.lang.String);;Argument[2..3];ReturnValue;taint",
19+
"org.springframework.util;StringUtils;false;commaDelimitedListToSet;;;Argument[0];ReturnValue;taint",
20+
"org.springframework.util;StringUtils;false;commaDelimitedListToStringArray;;;Argument[0];ReturnValue;taint",
21+
"org.springframework.util;StringUtils;false;concatenateStringArrays;;;Argument[0..1];ReturnValue;taint",
22+
"org.springframework.util;StringUtils;false;delete;;;Argument[0];ReturnValue;taint",
23+
"org.springframework.util;StringUtils;false;deleteAny;;;Argument[0];ReturnValue;taint",
24+
"org.springframework.util;StringUtils;false;delimitedListToStringArray;;;Argument[0];ReturnValue;taint",
25+
"org.springframework.util;StringUtils;false;getFilename;;;Argument[0];ReturnValue;taint",
26+
"org.springframework.util;StringUtils;false;getFilenameExtension;;;Argument[0];ReturnValue;taint",
27+
"org.springframework.util;StringUtils;false;mergeStringArrays;;;Argument[0..1];ReturnValue;taint",
28+
"org.springframework.util;StringUtils;false;quote;;;Argument[0];ReturnValue;taint",
29+
"org.springframework.util;StringUtils;false;quoteIfString;;;Argument[0];ReturnValue;taint",
30+
"org.springframework.util;StringUtils;false;removeDuplicateStrings;;;Argument[0];ReturnValue;taint",
31+
"org.springframework.util;StringUtils;false;replace;;;Argument[0];ReturnValue;taint",
32+
"org.springframework.util;StringUtils;false;replace;;;Argument[2];ReturnValue;taint",
33+
"org.springframework.util;StringUtils;false;sortStringArray;;;Argument[0];ReturnValue;taint",
34+
"org.springframework.util;StringUtils;false;split;;;Argument[0];ReturnValue;taint",
35+
"org.springframework.util;StringUtils;false;splitArrayElementsIntoProperties;;;Argument[0];ReturnValue;taint",
36+
"org.springframework.util;StringUtils;false;stripFilenameExtension;;;Argument[0];ReturnValue;taint",
37+
"org.springframework.util;StringUtils;false;tokenizeToStringArray;;;Argument[0];ReturnValue;taint",
38+
"org.springframework.util;StringUtils;false;toStringArray;;;Argument[0];ReturnValue;taint",
39+
"org.springframework.util;StringUtils;false;trimAllWhitespace;;;Argument[0];ReturnValue;taint",
40+
"org.springframework.util;StringUtils;false;trimArrayElements;;;Argument[0];ReturnValue;taint",
41+
"org.springframework.util;StringUtils;false;trimLeadingCharacter;;;Argument[0];ReturnValue;taint",
42+
"org.springframework.util;StringUtils;false;trimLeadingWhitespace;;;Argument[0];ReturnValue;taint",
43+
"org.springframework.util;StringUtils;false;trimTrailingCharacter;;;Argument[0];ReturnValue;taint",
44+
"org.springframework.util;StringUtils;false;trimTrailingWhitespace;;;Argument[0];ReturnValue;taint",
45+
"org.springframework.util;StringUtils;false;trimWhitespace;;;Argument[0];ReturnValue;taint",
46+
"org.springframework.util;StringUtils;false;uncapitalize;;;Argument[0];ReturnValue;taint",
47+
"org.springframework.util;StringUtils;false;unqualify;;;Argument[0];ReturnValue;taint",
48+
"org.springframework.util;StringUtils;false;uriDecode;;;Argument[0];ReturnValue;taint"
49+
]
50+
}
51+
}
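Review bot: The module doc comment on the first added line names `org.springframework.util.SpringUtils`, but every row in `SpringStringUtilsModel` targets `org.springframework.util;StringUtils`, so the comment should name `org.springframework.util.StringUtils`. The `cleanPath`, `getFilename` and `stripFilenameExtension` rows are correctly modelled as taint propagators, and a comment above them would stop a later reader from treating them as path sanitizers: `// Path helpers only normalise or slice the input; they do not validate it, so taint is preserved.` The two `replace` rows cover `Argument[0]` and `Argument[2]` and skip `Argument[1]`, presumably because the search pattern does not reach the result; a one-line comment saying so would prevent a well-meant merge into `Argument[0..2]`. No test file appears among the two changed files on this page, so these rows are not exercised by the commit as shown.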
