Skip to content

Commit

Permalink
Credential-username models
Browse files Browse the repository at this point in the history
  • Loading branch information
egregius313 committed Aug 15, 2023
1 parent 110410b commit 7dfbad3
Show file tree
Hide file tree
Showing 19 changed files with 79 additions and 0 deletions.
1 change: 1 addition & 0 deletions java/ql/lib/ext/com.sun.istack.internal.tools.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ extensions:
extensible: sinkModel
data:
- ["com.sun.istack.internal.tools", "DefaultAuthenticator$AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"]
- ["com.sun.istack.internal.tools", "DefaultAuthenticator$AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-username", "Argument[1]", "manual"]
9 changes: 9 additions & 0 deletions java/ql/lib/ext/com.sun.jndi.ldap.model.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,9 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["com.sun.jndi.ldap", "DigestClientId", False, "DigestClientId", "(int, String, int, String, Control[], OutputStream, String, String, Object, Hashtable)", "credential-username", "Argument[7]", "manual"]
- ["com.sun.jndi.ldap", "LdapClient", False, "getInstance", "(boolean, String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable)", "credential-username", "Argument[11]", "manual"]
- ["com.sun.jndi.ldap", "LdapPoolManager", False, "getLdapClient", "(String, int, String, int, int, OutputStream, int, String, Control[], String, String, Object, Hashtable)", "credential-username", "Argument[10]", "manual"]
- ["com.sun.jndi.ldap", "SimpleClientId", False, "SimpleClientId", "(int, String, int, String, Control[], OutputStream, String, String, Object)", "credential-username", "Argument[7]", "manual"]
2 changes: 2 additions & 0 deletions java/ql/lib/ext/com.sun.net.httpserver.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,5 @@ extensions:
extensible: sinkModel
data:
- ["com.sun.net.httpserver", "BasicAuthenticator", False, "checkCredentials", "(String, String)", "credential-password", "Argument[1]", "manual"]
- ["com.sun.net.httpserver", "BasicAuthenticator", False, "checkCredentials", "(String, String)", "credential-username", "Argument[0]", "manual"]
- ["com.sun.net.httpserver", "HttpPrincipal", False, "HttpPrincipal", "(String, String)", "credential-username", "Argument[0]", "manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/com.sun.rowset.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,4 @@ extensions:
data:
- ["com.sun.rowset", "JdbcRowSetImpl", False, "JdbcRowSetImpl", "(String, String, String)", "credential-password", "Argument[2]", "manual"]
- ["com.sun.rowset", "JdbcRowSetImpl", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"]
- ["com.sun.rowset", "JdbcRowSetImpl", False, "JdbcRowSetImpl", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
2 changes: 2 additions & 0 deletions java/ql/lib/ext/com.sun.security.ntlm.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,5 @@ extensions:
- ["com.sun.security.ntlm", "Client", False, "Client", "(String, String, String, String, char[])", "credential-password", "Argument[4]", "manual"]
- ["com.sun.security.ntlm", "NTLM", False, "getP1", "(char[])", "credential-password", "Argument[0]", "manual"]
- ["com.sun.security.ntlm", "NTLM", False, "getP2", "(char[])", "credential-password", "Argument[0]", "manual"]
- ["com.sun.security.ntlm", "Client", False, "Client", "(String, String, String, String, char[])", "credential-username", "Argument[2]", "manual"]
- ["com.sun.security.ntlm", "Server", False, "getPassword", "(String, String)", "credential-username", "Argument[1]", "manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/com.sun.security.sasl.digest.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,4 @@ extensions:
data:
- ["com.sun.security.sasl.digest", "DigestMD5Base", False, "generateResponseValue", "(String, String, String, String, String, char[], byte[], byte[], int, byte[])", "credential-password", "Argument[5]", "manual"]
- ["com.sun.security.sasl.digest", "DigestMD5Server", False, "generateResponseAuth", "(String, char[], byte[], int, byte[])", "credential-password", "Argument[1]", "manual"]
- ["com.sun.security.sasl.digest", "DigestMD5Server", False, "generateResponseAuth", "(String, char[], byte[], int, byte[])", "credential-username", "Argument[0]", "manual"]
Original file line number Diff line number Diff line change
Expand Up @@ -4,3 +4,4 @@ extensions:
extensible: sinkModel
data:
- ["com.sun.tools.internal.ws.wscompile", "AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-password", "Argument[2]", "manual"]
- ["com.sun.tools.internal.ws.wscompile", "AuthInfo", False, "AuthInfo", "(URL, String, String)", "credential-username", "Argument[1]", "manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.net.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -26,6 +26,7 @@ extensions:
- ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader,URLStreamHandlerFactory)", "", "Argument[0]", "request-forgery", "manual"]
- ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[],ClassLoader)", "", "Argument[0]", "request-forgery", "manual"]
- ["java.net", "URLClassLoader", False, "URLClassLoader", "(URL[])", "", "Argument[0]", "request-forgery", "manual"]
- ["java.net", "PasswordAuthentication", False, "PasswordAuthentication", "(String, char[])", "credential-username", "Argument[0]", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
Expand Down
1 change: 1 addition & 0 deletions java/ql/lib/ext/java.sql.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -17,6 +17,7 @@ extensions:
- ["java.sql", "Statement", True, "executeLargeUpdate", "", "", "Argument[0]", "sql-injection", "manual"]
- ["java.sql", "Statement", True, "executeQuery", "", "", "Argument[0]", "sql-injection", "manual"]
- ["java.sql", "Statement", True, "executeUpdate", "", "", "Argument[0]", "sql-injection", "manual"]
- ["java.sql", "DriverManager", False, "getConnection", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
- addsTo:
pack: codeql/java-all
extensible: summaryModel
Expand Down
7 changes: 7 additions & 0 deletions java/ql/lib/ext/javax.print.attribute.standard.model.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["javax.print.attribute.standard", "JobOriginatingUserName", False, "JobOriginatingUserName", "(String, Locale)", "credential-username", "Argument[0]", "manual"]
- ["javax.print.attribute.standard", "RequestingUserName", False, "RequestingUserName", "(String, Locale)", "credential-username", "Argument[0]", "manual"]
3 changes: 3 additions & 0 deletions java/ql/lib/ext/javax.sql.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,3 +7,6 @@ extensions:
- ["javax.sql", "DataSource", False, "getConnection", "(String, String)", "credential-password", "Argument[1]", "manual"]
- ["javax.sql", "RowSet", False, "setPassword", "(String)", "credential-password", "Argument[0]", "manual"]
- ["javax.sql", "XADataSource", False, "getXAConnection", "(String, String)", "credential-password", "Argument[1]", "manual"]
- ["javax.sql", "ConnectionPoolDataSource", False, "getPooledConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
- ["javax.sql", "DataSource", False, "getConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
- ["javax.sql", "XADataSource", False, "getXAConnection", "(String, String)", "credential-username", "Argument[0]", "manual"]
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["sun.jvmstat.perfdata.monitor.protocol.local", "LocalVmManager", False, "LocalVmManager", "(String)", "credential-username", "Argument[0]", "manual"]
- ["sun.jvmstat.perfdata.monitor.protocol.local", "PerfDataFile", False, "getFile", "(String, int)", "credential-username", "Argument[0]", "manual"]
- ["sun.jvmstat.perfdata.monitor.protocol.local", "PerfDataFile", False, "getTempDirectory", "(String)", "credential-username", "Argument[0]", "manual"]
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["sun.jvmstat.perfdata.monitor.protocol.rmi", "RemoteVmManager", False, "RemoteVmManager", "(RemoteHost, String)", "credential-username", "Argument[1]", "manual"]
8 changes: 8 additions & 0 deletions java/ql/lib/ext/sun.misc.model.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["sun.misc", "Perf", False, "attach", "(String, int, String)", "credential-username", "Argument[0]", "manual"]
- ["sun.misc", "Perf", False, "attach", "(String, int, int)", "credential-username", "Argument[0]", "manual"]
- ["sun.misc", "Perf", False, "attachImpl", "(String, int, int)", "credential-username", "Argument[0]", "manual"]
3 changes: 3 additions & 0 deletions java/ql/lib/ext/sun.net.ftp.impl.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -6,3 +6,6 @@ extensions:
- ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"]
- ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"]
- ["sun.net.ftp.impl", "FtpClient", False, "tryLogin", "(String, char[])", "credential-password", "Argument[1]", "manual"]
- ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[])", "credential-username", "Argument[0]", "manual"]
- ["sun.net.ftp.impl", "FtpClient", False, "login", "(String, char[], String)", "credential-username", "Argument[0]", "manual"]
- ["sun.net.ftp.impl", "FtpClient", False, "tryLogin", "(String, char[])", "credential-username", "Argument[0]", "manual"]
3 changes: 3 additions & 0 deletions java/ql/lib/ext/sun.net.ftp.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,6 @@ extensions:
data:
- ["sun.net.ftp", "FtpClient", False, "login", "(String, char[])", "credential-password", "Argument[1]", "manual"]
- ["sun.net.ftp", "FtpClient", False, "login", "(String, char[], String)", "credential-password", "Argument[1]", "manual"]
- ["sun.net.ftp", "FtpClient", False, "login", "(String, char[])", "credential-username", "Argument[0]", "manual"]
- ["sun.net.ftp", "FtpClient", False, "login", "(String, char[], String)", "credential-username", "Argument[0]", "manual"]
- ["sun.net.ftp", "FtpDirEntry", False, "setUser", "(String)", "credential-username", "Argument[0]", "manual"]
1 change: 1 addition & 0 deletions java/ql/lib/ext/sun.net.www.protocol.http.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,3 +5,4 @@ extensions:
data:
- ["sun.net.www.protocol.http", "DigestAuthentication", False, "computeDigest", "(boolean, String, char[], String, String, String, String, String, String)", "credential-password", "Argument[2]", "manual"]
- ["sun.net.www.protocol.http", "DigestAuthentication", False, "encode", "(String, char[], MessageDigest)", "credential-password", "Argument[1]", "manual"]
- ["sun.net.www.protocol.http", "DigestAuthentication", False, "computeDigest", "(boolean, String, char[], String, String, String, String, String, String)", "credential-username", "Argument[1]", "manual"]
6 changes: 6 additions & 0 deletions java/ql/lib/ext/sun.security.acl.model.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
extensions:
- addsTo:
pack: codeql/java-all
extensible: sinkModel
data:
- ["sun.security.acl", "PrincipalImpl", False, "PrincipalImpl", "(String)", "credential-username", "Argument[0]", "manual"]
15 changes: 15 additions & 0 deletions java/ql/lib/ext/sun.tools.jconsole.model.yml
Original file line number Diff line number Diff line change
Expand Up @@ -16,3 +16,18 @@ extensions:
- ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, String, String)", "credential-password", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, int, String, String)", "credential-password", "Argument[3]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "setParameters", "(JMXServiceURL, String, String)", "credential-password", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ConnectDialog", False, "setConnectionParameters", "(String, String, int, String, String, String)", "credential-username", "Argument[3]", "manual"]
- ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "JConsole", False, "addHost", "(String, int, String, String, boolean)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "JConsole", False, "addUrl", "(String, String, String, boolean)", "credential-username", "Argument[1]", "manual"]
- ["sun.tools.jconsole", "JConsole", False, "failed", "(Exception, String, String, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "JConsole", False, "showConnectDialog", "(String, String, int, String, String, String)", "credential-username", "Argument[3]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "ProxyClient", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getCacheKey", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getConnectionName", "(String, String)", "credential-username", "Argument[1]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getConnectionName", "(String, int, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, String, String)", "credential-username", "Argument[1]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "getProxyClient", "(String, int, String, String)", "credential-username", "Argument[2]", "manual"]
- ["sun.tools.jconsole", "ProxyClient", False, "setParameters", "(JMXServiceURL, String, String)", "credential-username", "Argument[1]", "manual"]

0 comments on commit 7dfbad3

Please sign in to comment.