From aab7ff919e23d047b65222e7d64a0d8459bc5915 Mon Sep 17 00:00:00 2001
From: Eric Bickle <2086875+ebickle@users.noreply.github.com>
Date: Mon, 27 Nov 2023 12:26:28 -0800
Subject: [PATCH 1/3] Java: Improve Gson parse, get, and stream models
---
 java/ql/lib/ext/com.google.gson.model.yml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml
index abc3693ae006..b80f8ba3bb39 100644
--- a/java/ql/lib/ext/com.google.gson.model.yml
+++ b/java/ql/lib/ext/com.google.gson.model.yml
@@ -19,6 +19,8 @@ extensions:
 - ["com.google.gson", "Gson", False, "newJsonWriter", "", "", "Argument[0]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson.stream", "JsonReader", False, "nextName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson.stream", "JsonReader", False, "nextString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson.stream", "JsonReader", False, "JsonReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["com.google.gson.stream", "JsonWriter​", False, "JsonWriter​", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsByte", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsCharacter", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsJsonArray", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
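Review bot: The added JsonWriter row's class and constructor name strings contain an invisible zero-width character (the text differs byte-wise from the `JsonReader` row directly above it although both read the same), so exact name matching in the Models-as-Data loader never selects the row and the new summary is silently dead; the `getAsJsonPrimitive` row in the next hunk has the same problem, and the third patch in this series strips the characters again in both places. The diffstats of all three patches list only the model file and a change note, no test, so nothing in the series would detect a summary row that matches no callable. A library test exercising one flow per new row (for example taint from a `Reader` argument into the constructed `JsonReader`, and from a `String` argument through `parseString`) would have exposed the dead rows, and a CI check rejecting non-ASCII bytes in `java/ql/lib/ext/*.model.yml` would prevent a recurrence.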
@@ -44,6 +46,12 @@ extensions:
 - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this].MapKey", "ReturnValue.Element.MapKey", "value", "manual"]
 - ["com.google.gson", "JsonObject", True, "entrySet", "", "", "Argument[this].MapValue", "ReturnValue.Element.MapValue", "value", "manual"]
 - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
+ - ["com.google.gson", "JsonObject", True, "getAsJsonArray", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson", "JsonObject", True, "getAsJsonObject", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson", "JsonObject", True, "getAsJsonPrimitive​", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this].MapKey", "ReturnValue.Element", "value", "manual"]
+ - ["com.google.gson", "JsonParser", True, "parseReader", "(JsonReader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson", "JsonParser", True, "parseReader", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson", "JsonParser", True, "parseString", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(Character)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["com.google.gson", "JsonPrimitive", True, "JsonPrimitive", "(String)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
From 4fa5b2ae41df0bdeeece8d20e4279f991b9576c7 Mon Sep 17 00:00:00 2001
From: Eric Bickle <2086875+ebickle@users.noreply.github.com>
Date: Tue, 2 Jan 2024 14:17:23 -0800
Subject: [PATCH 2/3] Add change nodes for GSON coverage
---
 .../lib/change-notes/2024-01-02-gson-model-updates.md | 11 +++++++++++
 1 file changed, 11 insertions(+)
 create mode 100644 java/ql/lib/change-notes/2024-01-02-gson-model-updates.md
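Review bot: The three new `JsonObject.getAs*(String)` rows model whole-object taint (`Argument[this]` to `ReturnValue`, kind `taint`), while `get` three lines above on the same class is modelled as `Argument[this].MapValue` to `ReturnValue` with `value` flow. If these accessors are, as in the Gson source I recall, casts over the same member-map lookup that `get` performs, the `MapValue` form is both more precise and consistent with the neighbouring row, e.g. `- ["com.google.gson", "JsonObject", True, "getAsJsonArray", "(String)", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]` and likewise for `getAsJsonObject` and `getAsJsonPrimitive`. Whichever form is kept, a one-line YAML comment above the group stating why it departs from the `get` model would save the next reader the same question.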
diff --git a/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md b/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md
new file mode 100644
index 000000000000..c2684fcf2b5b
--- /dev/null
+++ b/java/ql/lib/change-notes/2024-01-02-gson-model-updates.md
@@ -0,0 +1,11 @@
+---
+category: minorAnalysis
+---
+* Added taint tracking for the following GSON methods:
+ * `com.google.gson.stream.JsonReader` constructor
+ * `com.google.gson.stream.JsonWriter` constructor
+ * `com.google.gson.JsonObject.getAsJsonArray`
+ * `com.google.gson.JsonObject.getAsJsonObject`
+ * `com.google.gson.JsonObject.getAsJsonPrimitive`
+ * `com.google.gson.JsonParser.parseReader`
+ * `com.google.gson.JsonParser.parseString`
From 929ce65af146356df2f80738785283dc5686577f Mon Sep 17 00:00:00 2001
From: Eric Bickle <2086875+ebickle@users.noreply.github.com>
Date: Mon, 8 Jan 2024 13:15:38 -0800
Subject: [PATCH 3/3] Remove zero width space characters.
---
 java/ql/lib/ext/com.google.gson.model.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/java/ql/lib/ext/com.google.gson.model.yml b/java/ql/lib/ext/com.google.gson.model.yml
index b80f8ba3bb39..2d78fd12d03c 100644
--- a/java/ql/lib/ext/com.google.gson.model.yml
+++ b/java/ql/lib/ext/com.google.gson.model.yml
@@ -20,7 +20,7 @@ extensions:
 - ["com.google.gson.stream", "JsonReader", False, "nextName", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson.stream", "JsonReader", False, "nextString", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson.stream", "JsonReader", False, "JsonReader", "(Reader)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
- - ["com.google.gson.stream", "JsonWriter​", False, "JsonWriter​", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["com.google.gson.stream", "JsonWriter", False, "JsonWriter", "(Writer)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsByte", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsCharacter", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonElement", True, "getAsJsonArray", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
@@ -48,7 +48,7 @@ extensions:
 - ["com.google.gson", "JsonObject", True, "get", "", "", "Argument[this].MapValue", "ReturnValue", "value", "manual"]
 - ["com.google.gson", "JsonObject", True, "getAsJsonArray", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonObject", True, "getAsJsonObject", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
- - ["com.google.gson", "JsonObject", True, "getAsJsonPrimitive​", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["com.google.gson", "JsonObject", True, "getAsJsonPrimitive", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonObject", True, "keySet", "", "", "Argument[this].MapKey", "ReturnValue.Element", "value", "manual"]
 - ["com.google.gson", "JsonParser", True, "parseReader", "(JsonReader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
 - ["com.google.gson", "JsonParser", True, "parseReader", "(Reader)", "", "Argument[0]", "ReturnValue", "taint", "manual"]