From c336a1595d5b8d82e289c58e835e2d3c7d9bf81b Mon Sep 17 00:00:00 2001 From: MarkLee131 Date: Tue, 21 Apr 2026 09:04:33 +1000 Subject: [PATCH 1/2] Java: split read-only path sinks into path-injection[read] Introduce a new Models-as-Data sink sub-kind path-injection[read] for models that only read from or inspect a path. The general java/path-injection query and its PathInjectionSanitizer barrier continue to consider both path-injection and path-injection[read] sinks, so no alerts are lost. The java/zipslip query deliberately selects only path-injection sinks, since read-only accesses such as ClassLoader.getResource or FileInputStream are outside the archive extraction threat model. Addresses https://github.com/github/codeql/issues/21606 along the lines proposed on the issue thread: prefer path-injection[read] over a [create] sub-kind so that miscategorizing a sink causes a false positive (easy to spot) rather than a false negative. - shared/mad/codeql/mad/ModelValidation.qll: allow path-injection[...] as a valid sink kind. - java/ql/lib/ext/*.model.yml: relabel the models that PR #12916 migrated from the historical read-file kind (plus the newer ClassLoader resource-lookup variants that share the same read-only semantics). - java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll and PathSanitizer.qll: select both path-injection and path-injection[read] sinks/barriers. - java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll: keep only path-injection, with a comment explaining why path-injection[read] is excluded. - java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java: add m7 regression covering the Dubbo-style classpath lookup from issue #21606 and assert no alert is produced. - Update TaintedPath.expected for the renamed kinds in the models list. - Add change-notes under java/ql/lib/change-notes and java/ql/src/change-notes. --- .../2026-04-21-path-injection-read-subkind.md | 4 ++ .../ql/lib/ext/com.google.common.io.model.yml | 10 ++-- .../ext/com.thoughtworks.xstream.model.yml | 2 +- java/ql/lib/ext/hudson.model.model.yml | 4 +- java/ql/lib/ext/hudson.model.yml | 10 ++-- java/ql/lib/ext/hudson.scm.model.yml | 6 +-- java/ql/lib/ext/hudson.util.jna.model.yml | 2 +- java/ql/lib/ext/hudson.util.model.yml | 12 ++--- ...tty.handler.codec.http.multipart.model.yml | 2 +- .../ql/lib/ext/io.netty.handler.ssl.model.yml | 4 +- .../lib/ext/io.netty.handler.stream.model.yml | 2 +- java/ql/lib/ext/java.io.model.yml | 16 +++--- java/ql/lib/ext/java.lang.model.yml | 18 +++---- java/ql/lib/ext/java.nio.file.model.yml | 24 ++++----- java/ql/lib/ext/javax.servlet.model.yml | 2 +- java/ql/lib/ext/kotlin.io.model.yml | 6 +-- .../lib/ext/org.apache.commons.io.model.yml | 2 +- .../lib/ext/org.apache.commons.net.model.yml | 6 +-- .../ql/lib/ext/org.apache.tools.ant.model.yml | 10 ++-- .../org.apache.tools.ant.taskdefs.model.yml | 6 +-- ...org.kohsuke.stapler.framework.io.model.yml | 2 +- .../ext/org.springframework.util.model.yml | 2 +- .../code/java/security/PathSanitizer.qll | 4 +- .../code/java/security/TaintedPathQuery.qll | 2 +- .../code/java/security/ZipSlipQuery.qll | 5 ++ .../2026-04-21-zipslip-exclude-read-sinks.md | 4 ++ .../CWE-022/semmle/tests/TaintedPath.expected | 52 +++++++++---------- .../CWE-022/semmle/tests/ZipTest.java | 12 +++++ shared/mad/codeql/mad/ModelValidation.qll | 5 ++ 29 files changed, 134 insertions(+), 102 deletions(-) create mode 100644 java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md create mode 100644 java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md diff --git a/java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md b/java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md new file mode 100644 index 000000000000..bcd9479d2afd --- /dev/null +++ b/java/ql/lib/change-notes/2026-04-21-path-injection-read-subkind.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* Introduced a new sink kind `path-injection[read]` for Models-as-Data rows that only read from a path (such as `ClassLoader.getResource`, `FileInputStream`, `FileReader`, `Files.readAllBytes`, and related APIs). The general `java/path-injection` query continues to consider both `path-injection` and `path-injection[read]` sinks. diff --git a/java/ql/lib/ext/com.google.common.io.model.yml b/java/ql/lib/ext/com.google.common.io.model.yml index 8ce06de61b96..a8d2690bf00b 100644 --- a/java/ql/lib/ext/com.google.common.io.model.yml +++ b/java/ql/lib/ext/com.google.common.io.model.yml @@ -5,12 +5,12 @@ extensions: data: - ["com.google.common.io", "Files", False, "asByteSink", "(File,FileWriteMode[])", "", "Argument[0]", "path-injection", "ai-manual"] - ["com.google.common.io", "Files", False, "asCharSink", "(File,Charset,FileWriteMode[])", "", "Argument[0]", "path-injection", "ai-manual"] - - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "asCharSource", "(File,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["com.google.common.io", "Files", False, "copy", "(File,OutputStream)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["com.google.common.io", "Files", False, "newWriter", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.google.common.io", "Files", False, "readLines", "(File,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["com.google.common.io", "Files", False, "toByteArray", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["com.google.common.io", "Files", False, "toString", "(File,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[0]", "file-content-store", "ai-manual"] - ["com.google.common.io", "Files", False, "write", "(byte[],File)", "", "Argument[1]", "path-injection", "manual"] - addsTo: diff --git a/java/ql/lib/ext/com.thoughtworks.xstream.model.yml b/java/ql/lib/ext/com.thoughtworks.xstream.model.yml index c34bb91d42c9..62e17590ebfd 100644 --- a/java/ql/lib/ext/com.thoughtworks.xstream.model.yml +++ b/java/ql/lib/ext/com.thoughtworks.xstream.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["com.thoughtworks.xstream", "XStream", True, "fromXML", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["com.thoughtworks.xstream", "XStream", True, "fromXML", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.model.model.yml b/java/ql/lib/ext/hudson.model.model.yml index 253f26fbd24e..b52f7195b2b2 100644 --- a/java/ql/lib/ext/hudson.model.model.yml +++ b/java/ql/lib/ext/hudson.model.model.yml @@ -5,8 +5,8 @@ extensions: data: - ["hudson.model", "DownloadService", True, "loadJSON", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] - ["hudson.model", "DownloadService", True, "loadJSONHTML", "(URL)", "", "Argument[0]", "request-forgery", "ai-manual"] - - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["hudson.model", "DirectoryBrowserSupport", False, "DirectoryBrowserSupport", "(ModelObject,FilePath,String,String,boolean)", "", "Argument[1]", "path-injection[read]", "ai-manual"] + - ["hudson.model", "Items", True, "load", "(ItemGroup,File)", "", "Argument[1]", "path-injection[read]", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "download", "(UpdateCenter$DownloadJob,URL)", "", "Argument[1]", "request-forgery", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(UpdateCenter$DownloadJob,File,File)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson.model", "UpdateCenter$UpdateCenterConfiguration", True, "install", "(UpdateCenter$DownloadJob,File,File)", "", "Argument[2]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.model.yml b/java/ql/lib/ext/hudson.model.yml index 0dfff091fcd4..da2753c86bdd 100644 --- a/java/ql/lib/ext/hudson.model.yml +++ b/java/ql/lib/ext/hudson.model.yml @@ -6,14 +6,14 @@ extensions: - ["hudson", "FilePath", False, "tar", "(OutputStream,String)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson", "FilePath", False, "unzipFrom", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson", "FilePath", True, "copyFrom", "", "", "Argument[this]", "path-injection", "manual"] - - ["hudson", "FilePath", True, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection", "manual"] - - ["hudson", "FilePath", True, "copyFrom", "(URL)", "", "Argument[0]", "path-injection", "manual"] - - ["hudson", "FilePath", True, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", True, "copyFrom", "(FilePath)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["hudson", "FilePath", True, "copyFrom", "(URL)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["hudson", "FilePath", True, "copyFrom", "(FileItem)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["hudson", "FilePath", True, "copyRecursiveTo", "", "", "Argument[this]", "path-injection", "ai-manual"] - ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String,FilePath$TarCompression)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson", "FilePath", True, "copyRecursiveTo", "(DirScanner,FilePath,String)", "", "Argument[1]", "path-injection", "ai-manual"] - ["hudson", "FilePath", True, "copyRecursiveTo", "(String,FilePath)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["hudson", "FilePath", True, "copyRecursiveTo", "(String,String,FilePath)", "", "Argument[2]", "path-injection", "ai-manual"] - ["hudson", "FilePath", True, "copyTo", "", "", "Argument[this]", "path-injection", "manual"] - ["hudson", "FilePath", True, "copyTo", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] @@ -21,7 +21,7 @@ extensions: - ["hudson", "FilePath", True, "copyToWithPermission", "(FilePath)", "", "Argument[0]", "path-injection", "manual"] - ["hudson", "FilePath", True, "exists", "()", "", "Argument[this]", "path-injection", "manual"] - ["hudson", "FilePath", True, "installIfNecessaryFrom", "(URL,TaskListener,String)", "", "Argument[0]", "request-forgery", "ai-manual"] - - ["hudson", "FilePath", True, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson", "FilePath", True, "newInputStreamDenyingSymlinkAsNeeded", "(File,String,boolean)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["hudson", "FilePath", True, "openInputStream", "(File,OpenOption[])", "", "Argument[0]", "path-injection", "manual"] - ["hudson", "FilePath", True, "read", "", "", "Argument[this]", "path-injection", "manual"] - ["hudson", "FilePath", True, "read", "(FilePath,OpenOption[])", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/hudson.scm.model.yml b/java/ql/lib/ext/hudson.scm.model.yml index dc6e0bfa5bb8..a6cf1532b6b4 100644 --- a/java/ql/lib/ext/hudson.scm.model.yml +++ b/java/ql/lib/ext/hudson.scm.model.yml @@ -3,11 +3,11 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.scm", "ChangeLogParser", True, "parse", "(AbstractBuild,File)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["hudson.scm", "ChangeLogParser", True, "parse", "(Run,RepositoryBrowser,File)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson.scm", "ChangeLogParser", True, "parse", "(AbstractBuild,File)", "", "Argument[1]", "path-injection[read]", "ai-manual"] + - ["hudson.scm", "ChangeLogParser", True, "parse", "(Run,RepositoryBrowser,File)", "", "Argument[2]", "path-injection[read]", "ai-manual"] - ["hudson.scm", "SCM", True, "checkout", "(AbstractBuild,Launcher,FilePath,BuildListener,File)", "", "Argument[2]", "path-injection", "ai-manual"] - ["hudson.scm", "SCM", True, "checkout", "(Run,Launcher,FilePath,TaskListener,File,SCMRevisionState)", "", "Argument[2]", "path-injection", "ai-manual"] - - ["hudson.scm", "SCM", True, "compareRemoteRevisionWith", "(Job,Launcher,FilePath,TaskListener,SCMRevisionState)", "", "Argument[2]", "path-injection", "ai-manual"] + - ["hudson.scm", "SCM", True, "compareRemoteRevisionWith", "(Job,Launcher,FilePath,TaskListener,SCMRevisionState)", "", "Argument[2]", "path-injection[read]", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/hudson.util.jna.model.yml b/java/ql/lib/ext/hudson.util.jna.model.yml index c840d0f47256..11efc9ace86b 100644 --- a/java/ql/lib/ext/hudson.util.jna.model.yml +++ b/java/ql/lib/ext/hudson.util.jna.model.yml @@ -3,6 +3,6 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["hudson.util.jna", "GNUCLibrary", True, "open", "(String,int)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util.jna", "GNUCLibrary", True, "open", "(String,int)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson.util.jna", "Kernel32", True, "MoveFileExA", "(String,String,int)", "", "Argument[1]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/hudson.util.model.yml b/java/ql/lib/ext/hudson.util.model.yml index 1ac3aa8c10ae..0fcf7b0cbfb9 100644 --- a/java/ql/lib/ext/hudson.util.model.yml +++ b/java/ql/lib/ext/hudson.util.model.yml @@ -6,7 +6,7 @@ extensions: - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset,boolean,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson.util", "AtomicFileWriter", True, "AtomicFileWriter", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["hudson.util", "ClasspathBuilder", True, "add", "(FilePath)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["hudson.util", "ClasspathBuilder", True, "add", "(FilePath)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["hudson.util", "FormValidation", True, "errorWithMarkup", "", "", "Argument[0]", "html-injection", "manual"] - ["hudson.util", "FormValidation", True, "okWithMarkup", "", "", "Argument[0]", "html-injection", "manual"] - ["hudson.util", "FormValidation", True, "respond", "", "", "Argument[1]", "html-injection", "manual"] @@ -14,11 +14,11 @@ extensions: - ["hudson.util", "IOUtils", True, "mkdirs", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson.util", "StreamTaskListener", True, "StreamTaskListener", "(File,boolean,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - ["hudson.util", "TextFile", True, "delete", "()", "", "Argument[this]", "path-injection", "manual"] - - ["hudson.util", "TextFile", True, "fastTail", "", "", "Argument[this]", "path-injection", "manual"] - - ["hudson.util", "TextFile", True, "head", "", "", "Argument[this]", "path-injection", "manual"] - - ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "path-injection", "manual"] - - ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "path-injection", "manual"] - - ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "path-injection", "manual"] + - ["hudson.util", "TextFile", True, "fastTail", "", "", "Argument[this]", "path-injection[read]", "manual"] + - ["hudson.util", "TextFile", True, "head", "", "", "Argument[this]", "path-injection[read]", "manual"] + - ["hudson.util", "TextFile", True, "lines", "()", "", "Argument[this]", "path-injection[read]", "manual"] + - ["hudson.util", "TextFile", True, "read", "()", "", "Argument[this]", "path-injection[read]", "manual"] + - ["hudson.util", "TextFile", True, "readTrim", "()", "", "Argument[this]", "path-injection[read]", "manual"] - ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[this]", "path-injection", "manual"] - ["hudson.util", "TextFile", True, "write", "(String)", "", "Argument[0]", "file-content-store", "manual"] - ["hudson.util", "HttpResponses", True, "staticResource", "(File)", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml b/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml index a44a2c6c4005..04f1c2ebc19d 100644 --- a/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml +++ b/java/ql/lib/ext/io.netty.handler.codec.http.multipart.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.codec.http.multipart", "HttpPostRequestEncoder", True, "addBodyFileUpload", "(String,File,String,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] + - ["io.netty.handler.codec.http.multipart", "HttpPostRequestEncoder", True, "addBodyFileUpload", "(String,File,String,boolean)", "", "Argument[1]", "path-injection[read]", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/io.netty.handler.ssl.model.yml b/java/ql/lib/ext/io.netty.handler.ssl.model.yml index f63a7a3906f9..2df3ddd6fbc2 100644 --- a/java/ql/lib/ext/io.netty.handler.ssl.model.yml +++ b/java/ql/lib/ext/io.netty.handler.ssl.model.yml @@ -3,7 +3,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["io.netty.handler.ssl", "OpenSslServerContext", False, "OpenSslServerContext", "(File,File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["io.netty.handler.ssl", "SslContextBuilder", False, "forServer", "(File,File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["io.netty.handler.ssl", "SslContextBuilder", False, "trustManager", "(InputStream)", "", "Argument[0]", "path-injection", "ai-manual"] diff --git a/java/ql/lib/ext/io.netty.handler.stream.model.yml b/java/ql/lib/ext/io.netty.handler.stream.model.yml index f4e635f4437e..1a154c59192c 100644 --- a/java/ql/lib/ext/io.netty.handler.stream.model.yml +++ b/java/ql/lib/ext/io.netty.handler.stream.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["io.netty.handler.stream", "ChunkedFile", True, "ChunkedFile", "(RandomAccessFile,long,long,int)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["io.netty.handler.stream", "ChunkedFile", True, "ChunkedFile", "(RandomAccessFile,long,long,int)", "", "Argument[0]", "path-injection[read]", "ai-manual"] diff --git a/java/ql/lib/ext/java.io.model.yml b/java/ql/lib/ext/java.io.model.yml index 07e39c9e12f7..a611135f5db2 100644 --- a/java/ql/lib/ext/java.io.model.yml +++ b/java/ql/lib/ext/java.io.model.yml @@ -23,16 +23,16 @@ extensions: - ["java.io", "File", True, "setReadable", "", "", "Argument[this]", "path-injection", "manual"] - ["java.io", "File", True, "setReadOnly", "", "", "Argument[this]", "path-injection", "manual"] - ["java.io", "File", True, "setWritable", "", "", "Argument[this]", "path-injection", "manual"] - - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.io", "FileInputStream", True, "FileInputStream", "(FileDescriptor)", "", "Argument[0]", "path-injection", "manual"] - - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.io", "FileInputStream", True, "FileInputStream", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.io", "FileInputStream", True, "FileInputStream", "(FileDescriptor)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["java.io", "FileInputStream", True, "FileInputStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.io", "FileOutputStream", False, "FileOutputStream", "", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "FileOutputStream", False, "write", "", "", "Argument[0]", "file-content-store", "manual"] - - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.io", "FileReader", True, "FileReader", "(FileDescriptor)", "", "Argument[0]", "path-injection", "manual"] - - ["java.io", "FileReader", True, "FileReader", "(File,Charset)", "", "Argument[0]", "path-injection", "manual"] - - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.io", "FileReader", True, "FileReader", "(String,Charset)", "", "Argument[0]", "path-injection", "manual"] + - ["java.io", "FileReader", True, "FileReader", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.io", "FileReader", True, "FileReader", "(FileDescriptor)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["java.io", "FileReader", True, "FileReader", "(File,Charset)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["java.io", "FileReader", True, "FileReader", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.io", "FileReader", True, "FileReader", "(String,Charset)", "", "Argument[0]", "path-injection[read]", "manual"] - ["java.io", "FileSystem", True, "createDirectory", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.io", "FileWriter", False, "FileWriter", "", "", "Argument[0]", "path-injection", "manual"] - ["java.io", "PrintStream", False, "PrintStream", "(File)", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/java.lang.model.yml b/java/ql/lib/ext/java.lang.model.yml index 8c2c448f4c2f..9e3d9e8cee54 100644 --- a/java/ql/lib/ext/java.lang.model.yml +++ b/java/ql/lib/ext/java.lang.model.yml @@ -3,15 +3,15 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", False, "getSystemResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getResources", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.lang", "Class", False, "getResource", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "Class", False, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", False, "getSystemResources", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResource", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getResources", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getSystemResource", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "ClassLoader", True, "getSystemResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.lang", "Module", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.lang", "ProcessBuilder", False, "command", "(List)", "", "Argument[0]", "command-injection", "manual"] - ["java.lang", "ProcessBuilder", False, "command", "(String[])", "", "Argument[0]", "command-injection", "ai-manual"] - ["java.lang", "ProcessBuilder", False, "directory", "(File)", "", "Argument[0]", "command-injection", "ai-manual"] diff --git a/java/ql/lib/ext/java.nio.file.model.yml b/java/ql/lib/ext/java.nio.file.model.yml index 8d7db676e533..b74bdc4c290a 100644 --- a/java/ql/lib/ext/java.nio.file.model.yml +++ b/java/ql/lib/ext/java.nio.file.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection", "manual"] - - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,OutputStream)", "", "Argument[0]", "path-injection[read]", "manual"] + - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection[read]", "manual"] - ["java.nio.file", "Files", False, "copy", "(Path,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[0]", "file-content-store", "manual"] - ["java.nio.file", "Files", False, "copy", "(InputStream,Path,CopyOption[])", "", "Argument[1]", "path-injection", "manual"] @@ -19,22 +19,22 @@ extensions: - ["java.nio.file", "Files", False, "deleteIfExists", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - ["java.nio.file", "Files", False, "getFileStore", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # the FileStore class is unlikely to be used for later sanitization - ["java.nio.file", "Files", False, "exists", "(Path,LinkOption[])", "", "Argument[0]", "path-injection", "manual"] - - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "lines", "(Path,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "lines", "(Path)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.nio.file", "Files", False, "move", "", "", "Argument[1]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "move", "(Path,Path,CopyOption[])", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "newBufferedReader", "(Path,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "newBufferedReader", "(Path)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.nio.file", "Files", False, "newBufferedWriter", "", "", "Argument[0]", "path-injection", "manual"] - - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "newInputStream", "(Path,OpenOption[])", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.nio.file", "Files", False, "newOutputStream", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "notExists", "(Path,LinkOption[])", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "probeContentType", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] # accesses the file based on user input, but only reads its content type from it - - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["java.nio.file", "Files", False, "readAllBytes", "(Path)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "readAllLines", "(Path,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "readAllLines", "(Path)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "readString", "(Path,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["java.nio.file", "Files", False, "readString", "(Path)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["java.nio.file", "Files", False, "write", "", "", "Argument[0]", "path-injection", "manual"] - ["java.nio.file", "Files", False, "write", "", "", "Argument[1]", "file-content-store", "manual"] - ["java.nio.file", "Files", False, "writeString", "", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/javax.servlet.model.yml b/java/ql/lib/ext/javax.servlet.model.yml index cbf99dcd97ef..19a6690858ef 100644 --- a/java/ql/lib/ext/javax.servlet.model.yml +++ b/java/ql/lib/ext/javax.servlet.model.yml @@ -14,7 +14,7 @@ extensions: extensible: sinkModel data: - ["javax.servlet", "ServletContext", True, "getResource", "(String)", "", "Argument[0]", "path-injection", "manual"] - - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["javax.servlet", "ServletContext", True, "getResourceAsStream", "(String)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["javax.servlet", "ServletContext", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"] - ["javax.servlet", "ServletRequest", True, "getRequestDispatcher", "(String)", "", "Argument[0]", "url-forward", "manual"] - addsTo: diff --git a/java/ql/lib/ext/kotlin.io.model.yml b/java/ql/lib/ext/kotlin.io.model.yml index b748e04a292d..550ba509a090 100644 --- a/java/ql/lib/ext/kotlin.io.model.yml +++ b/java/ql/lib/ext/kotlin.io.model.yml @@ -4,9 +4,9 @@ extensions: extensible: sinkModel data: - ["kotlin.io", "FilesKt", False, "deleteRecursively", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["kotlin.io", "FilesKt", False, "readText", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "inputStream", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "readBytes", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["kotlin.io", "FilesKt", False, "readText", "(File,Charset)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - addsTo: pack: codeql/java-all extensible: summaryModel diff --git a/java/ql/lib/ext/org.apache.commons.io.model.yml b/java/ql/lib/ext/org.apache.commons.io.model.yml index 9c75ce8b41ad..de4085a44557 100644 --- a/java/ql/lib/ext/org.apache.commons.io.model.yml +++ b/java/ql/lib/ext/org.apache.commons.io.model.yml @@ -36,7 +36,7 @@ extensions: - ["org.apache.commons.io", "FileUtils", True, "copyInputStreamToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"] - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[0]", "file-content-store", "ai-manual"] - ["org.apache.commons.io", "FileUtils", True, "copyToFile", "(InputStream,File)", "", "Argument[1]", "path-injection", "manual"] - - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.commons.io", "FileUtils", True, "openInputStream", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["org.apache.commons.io", "FileUtils", True, "delete", "(File)", "", "Argument[0]", "path-injection", "manual"] - ["org.apache.commons.io", "FileUtils", True, "deleteDirectory", "(File)", "", "Argument[0]", "path-injection", "manual"] - ["org.apache.commons.io", "FileUtils", True, "deleteQuietly", "(File)", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/org.apache.commons.net.model.yml b/java/ql/lib/ext/org.apache.commons.net.model.yml index 0a4c46e6a3c3..689aa873d960 100644 --- a/java/ql/lib/ext/org.apache.commons.net.model.yml +++ b/java/ql/lib/ext/org.apache.commons.net.model.yml @@ -9,9 +9,9 @@ extensions: - ["org.apache.commons.net", "SocketClient", true, "connect", "(String)", "", "Argument[0]", "request-forgery", "manual"] - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int)", "", "Argument[0]", "request-forgery", "df-manual"] - ["org.apache.commons.net", "SocketClient", true, "connect", "(String,int,InetAddress,int)", "", "Argument[0]", "request-forgery", "manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "path-injection", "df-manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "path-injection", "df-manual"] - - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "path-injection", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String)", "", "Argument[0]", "path-injection[read]", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(File,String,String)", "", "Argument[0]", "path-injection[read]", "df-manual"] + - ["org.apache.commons.net.util", "KeyManagerUtils", false, "createClientKeyManager", "(String,File,String,String,String)", "", "Argument[1]", "path-injection[read]", "df-manual"] - addsTo: pack: codeql/java-all extensible: sourceModel diff --git a/java/ql/lib/ext/org.apache.tools.ant.model.yml b/java/ql/lib/ext/org.apache.tools.ant.model.yml index 474429db030f..cd1b6e198a46 100644 --- a/java/ql/lib/ext/org.apache.tools.ant.model.yml +++ b/java/ql/lib/ext/org.apache.tools.ant.model.yml @@ -3,8 +3,8 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.tools.ant", "AntClassLoader", True, "addPathComponent", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(ClassLoader,Project,Path,boolean)", "", "Argument[2]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path,boolean)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path)", "", "Argument[1]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant", "DirectoryScanner", True, "setBasedir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "addPathComponent", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(ClassLoader,Project,Path,boolean)", "", "Argument[2]", "path-injection[read]", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path,boolean)", "", "Argument[1]", "path-injection[read]", "ai-manual"] + - ["org.apache.tools.ant", "AntClassLoader", True, "AntClassLoader", "(Project,Path)", "", "Argument[1]", "path-injection[read]", "ai-manual"] + - ["org.apache.tools.ant", "DirectoryScanner", True, "setBasedir", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] diff --git a/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml b/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml index 2695c2881f76..5d930f387e9f 100644 --- a/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml +++ b/java/ql/lib/ext/org.apache.tools.ant.taskdefs.model.yml @@ -3,12 +3,12 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.apache.tools.ant.taskdefs", "Copy", True, "addFileset", "(FileSet)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Copy", True, "setFile", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "addFileset", "(FileSet)", "", "Argument[0]", "path-injection[read]", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Copy", True, "setFile", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTodir", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["org.apache.tools.ant.taskdefs", "Copy", True, "setTofile", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - ["org.apache.tools.ant.taskdefs", "Execute", False, "runCommand", "(Task,String[])", "", "Argument[1]", "command-injection", "ai-manual"] - ["org.apache.tools.ant.taskdefs", "Expand", True, "setDest", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] - - ["org.apache.tools.ant.taskdefs", "Expand", True, "setSrc", "(File)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.apache.tools.ant.taskdefs", "Expand", True, "setSrc", "(File)", "", "Argument[0]", "path-injection[read]", "ai-manual"] - ["org.apache.tools.ant.taskdefs", "Property", True, "setFile", "(File)", "", "Argument[0]", "path-injection", "manual"] - ["org.apache.tools.ant.taskdefs", "Property", True, "setResource", "(String)", "", "Argument[0]", "path-injection", "manual"] diff --git a/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml b/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml index 49cd049cdfab..de662c040115 100644 --- a/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml +++ b/java/ql/lib/ext/org.kohsuke.stapler.framework.io.model.yml @@ -3,4 +3,4 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.kohsuke.stapler.framework.io", "LargeText", True, "LargeText", "(File,Charset,boolean,boolean)", "", "Argument[0]", "path-injection", "ai-manual"] + - ["org.kohsuke.stapler.framework.io", "LargeText", True, "LargeText", "(File,Charset,boolean,boolean)", "", "Argument[0]", "path-injection[read]", "ai-manual"] diff --git a/java/ql/lib/ext/org.springframework.util.model.yml b/java/ql/lib/ext/org.springframework.util.model.yml index fffcebb72f88..a3c5e7448d8a 100644 --- a/java/ql/lib/ext/org.springframework.util.model.yml +++ b/java/ql/lib/ext/org.springframework.util.model.yml @@ -4,7 +4,7 @@ extensions: extensible: sinkModel data: - ["org.springframework.util", "FileCopyUtils", False, "copy", "(byte[],File)", "", "Argument[1]", "path-injection", "manual"] - - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "path-injection", "manual"] + - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[0]", "path-injection[read]", "manual"] - ["org.springframework.util", "FileCopyUtils", False, "copy", "(File,File)", "", "Argument[1]", "path-injection", "manual"] - addsTo: diff --git a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll index 788cd5429397..c88ef7187680 100644 --- a/java/ql/lib/semmle/code/java/security/PathSanitizer.qll +++ b/java/ql/lib/semmle/code/java/security/PathSanitizer.qll @@ -290,7 +290,9 @@ private Method getSourceMethod(Method m) { } private class ExternalPathInjectionSanitizer extends PathInjectionSanitizer { - ExternalPathInjectionSanitizer() { barrierNode(this, "path-injection") } + ExternalPathInjectionSanitizer() { + barrierNode(this, ["path-injection", "path-injection[read]"]) + } } /** Holds if `g` is a guard that checks for `..` components. */ diff --git a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll index 6726bcc35086..cb04f39101ce 100644 --- a/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll +++ b/java/ql/lib/semmle/code/java/security/TaintedPathQuery.qll @@ -12,7 +12,7 @@ private import semmle.code.java.security.Sanitizers abstract class TaintedPathSink extends DataFlow::Node { } private class DefaultTaintedPathSink extends TaintedPathSink { - DefaultTaintedPathSink() { sinkNode(this, "path-injection") } + DefaultTaintedPathSink() { sinkNode(this, ["path-injection", "path-injection[read]"]) } } /** diff --git a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll index 9e2e5e4a6c7e..84a94d87dcea 100644 --- a/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll +++ b/java/ql/lib/semmle/code/java/security/ZipSlipQuery.qll @@ -52,6 +52,11 @@ module ZipSlipFlow = TaintTracking::Global; /** * A sink that represents a file creation, such as a file write, copy or move operation. + * + * This deliberately selects only the `path-injection` sink kind and excludes + * `path-injection[read]`: Zip Slip is an archive-extraction vulnerability, so + * read-only path sinks (e.g. `ClassLoader.getResource`, `FileInputStream`, + * `File.exists`) are outside the threat model. */ private class FileCreationSink extends DataFlow::Node { FileCreationSink() { sinkNode(this, "path-injection") } diff --git a/java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md b/java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md new file mode 100644 index 000000000000..ee6889240526 --- /dev/null +++ b/java/ql/src/change-notes/2026-04-21-zipslip-exclude-read-sinks.md @@ -0,0 +1,4 @@ +--- +category: minorAnalysis +--- +* The `java/zipslip` query no longer reports archive entry names that flow only to read-only path sinks such as `ClassLoader.getResource`, `FileInputStream`, and `FileReader`. The query now restricts its sinks to the `path-injection` kind and deliberately excludes the new `path-injection[read]` sub-kind, matching the Zip Slip threat model of unsafe archive extraction. diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected index aee29733bca4..5a6fc6dab462 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/TaintedPath.expected @@ -255,20 +255,20 @@ models | 18 | Sink: java.io; File; true; setReadOnly; ; ; Argument[this]; path-injection; manual | | 19 | Sink: java.io; File; true; setReadable; ; ; Argument[this]; path-injection; manual | | 20 | Sink: java.io; File; true; setWritable; ; ; Argument[this]; path-injection; manual | -| 21 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection; ai-manual | -| 22 | Sink: java.io; FileInputStream; true; FileInputStream; (FileDescriptor); ; Argument[0]; path-injection; manual | -| 23 | Sink: java.io; FileInputStream; true; FileInputStream; (String); ; Argument[0]; path-injection; ai-manual | -| 24 | Sink: java.io; FileReader; true; FileReader; (File); ; Argument[0]; path-injection; ai-manual | -| 25 | Sink: java.io; FileReader; true; FileReader; (File,Charset); ; Argument[0]; path-injection; manual | -| 26 | Sink: java.io; FileReader; true; FileReader; (FileDescriptor); ; Argument[0]; path-injection; manual | -| 27 | Sink: java.io; FileReader; true; FileReader; (String); ; Argument[0]; path-injection; ai-manual | -| 28 | Sink: java.io; FileReader; true; FileReader; (String,Charset); ; Argument[0]; path-injection; manual | -| 29 | Sink: java.lang; Class; false; getResource; (String); ; Argument[0]; path-injection; ai-manual | -| 30 | Sink: java.lang; ClassLoader; true; getSystemResourceAsStream; (String); ; Argument[0]; path-injection; ai-manual | -| 31 | Sink: java.lang; Module; true; getResourceAsStream; (String); ; Argument[0]; path-injection; ai-manual | +| 21 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection[read]; ai-manual | +| 22 | Sink: java.io; FileInputStream; true; FileInputStream; (FileDescriptor); ; Argument[0]; path-injection[read]; manual | +| 23 | Sink: java.io; FileInputStream; true; FileInputStream; (String); ; Argument[0]; path-injection[read]; ai-manual | +| 24 | Sink: java.io; FileReader; true; FileReader; (File); ; Argument[0]; path-injection[read]; ai-manual | +| 25 | Sink: java.io; FileReader; true; FileReader; (File,Charset); ; Argument[0]; path-injection[read]; manual | +| 26 | Sink: java.io; FileReader; true; FileReader; (FileDescriptor); ; Argument[0]; path-injection[read]; manual | +| 27 | Sink: java.io; FileReader; true; FileReader; (String); ; Argument[0]; path-injection[read]; ai-manual | +| 28 | Sink: java.io; FileReader; true; FileReader; (String,Charset); ; Argument[0]; path-injection[read]; manual | +| 29 | Sink: java.lang; Class; false; getResource; (String); ; Argument[0]; path-injection[read]; ai-manual | +| 30 | Sink: java.lang; ClassLoader; true; getSystemResourceAsStream; (String); ; Argument[0]; path-injection[read]; ai-manual | +| 31 | Sink: java.lang; Module; true; getResourceAsStream; (String); ; Argument[0]; path-injection[read]; ai-manual | | 32 | Sink: java.nio.file; Files; false; copy; (InputStream,Path,CopyOption[]); ; Argument[1]; path-injection; manual | -| 33 | Sink: java.nio.file; Files; false; copy; (Path,OutputStream); ; Argument[0]; path-injection; manual | -| 34 | Sink: java.nio.file; Files; false; copy; (Path,Path,CopyOption[]); ; Argument[0]; path-injection; manual | +| 33 | Sink: java.nio.file; Files; false; copy; (Path,OutputStream); ; Argument[0]; path-injection[read]; manual | +| 34 | Sink: java.nio.file; Files; false; copy; (Path,Path,CopyOption[]); ; Argument[0]; path-injection[read]; manual | | 35 | Sink: java.nio.file; Files; false; copy; (Path,Path,CopyOption[]); ; Argument[1]; path-injection; manual | | 36 | Sink: java.nio.file; Files; false; createDirectories; ; ; Argument[0]; path-injection; manual | | 37 | Sink: java.nio.file; Files; false; createDirectory; ; ; Argument[0]; path-injection; manual | @@ -279,31 +279,31 @@ models | 42 | Sink: java.nio.file; Files; false; createTempFile; (Path,String,String,FileAttribute[]); ; Argument[0]; path-injection; manual | | 43 | Sink: java.nio.file; Files; false; delete; (Path); ; Argument[0]; path-injection; ai-manual | | 44 | Sink: java.nio.file; Files; false; deleteIfExists; (Path); ; Argument[0]; path-injection; ai-manual | -| 45 | Sink: java.nio.file; Files; false; lines; (Path,Charset); ; Argument[0]; path-injection; ai-manual | +| 45 | Sink: java.nio.file; Files; false; lines; (Path,Charset); ; Argument[0]; path-injection[read]; ai-manual | | 46 | Sink: java.nio.file; Files; false; move; ; ; Argument[1]; path-injection; manual | -| 47 | Sink: java.nio.file; Files; false; newBufferedReader; (Path,Charset); ; Argument[0]; path-injection; ai-manual | +| 47 | Sink: java.nio.file; Files; false; newBufferedReader; (Path,Charset); ; Argument[0]; path-injection[read]; ai-manual | | 48 | Sink: java.nio.file; Files; false; newBufferedWriter; ; ; Argument[0]; path-injection; manual | | 49 | Sink: java.nio.file; Files; false; newOutputStream; ; ; Argument[0]; path-injection; manual | | 50 | Sink: java.nio.file; Files; false; write; ; ; Argument[0]; path-injection; manual | | 51 | Sink: java.nio.file; Files; false; writeString; ; ; Argument[0]; path-injection; manual | | 52 | Sink: javax.xml.transform.stream; StreamResult; true; StreamResult; (File); ; Argument[0]; path-injection; ai-manual | -| 53 | Sink: org.apache.commons.io; FileUtils; true; openInputStream; (File); ; Argument[0]; path-injection; ai-manual | -| 54 | Sink: org.apache.tools.ant.taskdefs; Copy; true; addFileset; (FileSet); ; Argument[0]; path-injection; ai-manual | -| 55 | Sink: org.apache.tools.ant.taskdefs; Copy; true; setFile; (File); ; Argument[0]; path-injection; ai-manual | +| 53 | Sink: org.apache.commons.io; FileUtils; true; openInputStream; (File); ; Argument[0]; path-injection[read]; ai-manual | +| 54 | Sink: org.apache.tools.ant.taskdefs; Copy; true; addFileset; (FileSet); ; Argument[0]; path-injection[read]; ai-manual | +| 55 | Sink: org.apache.tools.ant.taskdefs; Copy; true; setFile; (File); ; Argument[0]; path-injection[read]; ai-manual | | 56 | Sink: org.apache.tools.ant.taskdefs; Copy; true; setTodir; (File); ; Argument[0]; path-injection; ai-manual | | 57 | Sink: org.apache.tools.ant.taskdefs; Copy; true; setTofile; (File); ; Argument[0]; path-injection; ai-manual | | 58 | Sink: org.apache.tools.ant.taskdefs; Expand; true; setDest; (File); ; Argument[0]; path-injection; ai-manual | -| 59 | Sink: org.apache.tools.ant.taskdefs; Expand; true; setSrc; (File); ; Argument[0]; path-injection; ai-manual | -| 60 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (ClassLoader,Project,Path,boolean); ; Argument[2]; path-injection; ai-manual | -| 61 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (Project,Path); ; Argument[1]; path-injection; ai-manual | -| 62 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (Project,Path,boolean); ; Argument[1]; path-injection; ai-manual | -| 63 | Sink: org.apache.tools.ant; AntClassLoader; true; addPathComponent; (File); ; Argument[0]; path-injection; ai-manual | -| 64 | Sink: org.apache.tools.ant; DirectoryScanner; true; setBasedir; (File); ; Argument[0]; path-injection; ai-manual | +| 59 | Sink: org.apache.tools.ant.taskdefs; Expand; true; setSrc; (File); ; Argument[0]; path-injection[read]; ai-manual | +| 60 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (ClassLoader,Project,Path,boolean); ; Argument[2]; path-injection[read]; ai-manual | +| 61 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (Project,Path); ; Argument[1]; path-injection[read]; ai-manual | +| 62 | Sink: org.apache.tools.ant; AntClassLoader; true; AntClassLoader; (Project,Path,boolean); ; Argument[1]; path-injection[read]; ai-manual | +| 63 | Sink: org.apache.tools.ant; AntClassLoader; true; addPathComponent; (File); ; Argument[0]; path-injection[read]; ai-manual | +| 64 | Sink: org.apache.tools.ant; DirectoryScanner; true; setBasedir; (File); ; Argument[0]; path-injection[read]; ai-manual | | 65 | Sink: org.codehaus.cargo.container.installer; ZipURLInstaller; true; ZipURLInstaller; (URL,String,String); ; Argument[1]; path-injection; ai-manual | | 66 | Sink: org.codehaus.cargo.container.installer; ZipURLInstaller; true; ZipURLInstaller; (URL,String,String); ; Argument[2]; path-injection; ai-manual | -| 67 | Sink: org.kohsuke.stapler.framework.io; LargeText; true; LargeText; (File,Charset,boolean,boolean); ; Argument[0]; path-injection; ai-manual | +| 67 | Sink: org.kohsuke.stapler.framework.io; LargeText; true; LargeText; (File,Charset,boolean,boolean); ; Argument[0]; path-injection[read]; ai-manual | | 68 | Sink: org.openjdk.jmh.runner.options; ChainedOptionsBuilder; true; result; (String); ; Argument[0]; path-injection; ai-manual | -| 69 | Sink: org.springframework.util; FileCopyUtils; false; copy; (File,File); ; Argument[0]; path-injection; manual | +| 69 | Sink: org.springframework.util; FileCopyUtils; false; copy; (File,File); ; Argument[0]; path-injection[read]; manual | | 70 | Sink: org.springframework.util; FileCopyUtils; false; copy; (File,File); ; Argument[1]; path-injection; manual | | 71 | Sink: org.springframework.util; FileCopyUtils; false; copy; (byte[],File); ; Argument[1]; path-injection; manual | | 72 | Source: java.net; Socket; false; getInputStream; (); ; ReturnValue; remote; manual | diff --git a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java index b5bee61b9654..2c5e1cd9d539 100644 --- a/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java +++ b/java/ql/test/query-tests/security/CWE-022/semmle/tests/ZipTest.java @@ -60,4 +60,16 @@ public void m6(ZipEntry entry, Path dir) throws Exception { throw new Exception(); OutputStream os = Files.newOutputStream(target); // OK } + + // Regression for https://github.com/github/codeql/issues/21606: archive entry + // names flowing into read-only classpath/resource lookups are outside the + // Zip Slip threat model. + public void m7(ZipEntry entry) throws Exception { + String name = entry.getName(); + ClassLoader.getSystemResources(name); // OK - read-only resource lookup + getClass().getResource(name); // OK - read-only resource lookup + getClass().getResourceAsStream(name); // OK - read-only resource lookup + new FileInputStream(name); // OK - read-only file open + new FileReader(name); // OK - read-only file open + } } diff --git a/shared/mad/codeql/mad/ModelValidation.qll b/shared/mad/codeql/mad/ModelValidation.qll index 5eaa78626ab3..b5f3e078a527 100644 --- a/shared/mad/codeql/mad/ModelValidation.qll +++ b/shared/mad/codeql/mad/ModelValidation.qll @@ -54,6 +54,11 @@ module KindValidation { this.matches([ // shared "credentials-%", "encryption-%", "qltest%", "test-%", "regex-use%", + // shared: path-injection[read] identifies sinks that only read from a path + // (e.g. ClassLoader.getResource, FileInputStream, File.exists). Queries such + // as java/zipslip that only care about write/extraction deliberately exclude + // this sub-kind. + "path-injection[%]", // Swift-only currently, but may be shared in the future "%string-%length", "weak-hash-input-%", // Go-only currently, but may be shared in the future From 6d10b1582fbb3c6107c7cb0947c2963748ef97ea Mon Sep 17 00:00:00 2001 From: MarkLee131 Date: Tue, 21 Apr 2026 19:45:13 +0800 Subject: [PATCH 2/2] Java: update regression-test expectations for path-injection[read] The sink-model generator and the experimental java/file-path-injection query now observe the new path-injection[read] sub-kind for the FileInputStream and Files.copy source-argument models. - CWE-073 FilePathInjection.expected: refresh the models table for the renamed kind on FileInputStream(File); alerts unchanged. - modelgenerator Sinks.java: update the inline sink annotation for copyFileToDirectory(Path,Path,CopyOption[]) Argument[0] to the new path-injection[read] sub-kind, mirroring the library change. --- .../query-tests/security/CWE-073/FilePathInjection.expected | 2 +- java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected index 9ddb20829483..5752ac764dfd 100644 --- a/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected +++ b/java/ql/test/experimental/query-tests/security/CWE-073/FilePathInjection.expected @@ -10,7 +10,7 @@ edges | FilePathInjection.java:217:19:217:22 | file : File | FilePathInjection.java:177:50:177:58 | file : File | provenance | | models | 1 | Sink: java.io; File; true; exists; (); ; Argument[this]; path-injection; manual | -| 2 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection; ai-manual | +| 2 | Sink: java.io; FileInputStream; true; FileInputStream; (File); ; Argument[0]; path-injection[read]; ai-manual | | 3 | Sink: java.io; FileOutputStream; false; FileOutputStream; ; ; Argument[0]; path-injection; manual | | 4 | Source: com.jfinal.core; Controller; true; getPara; ; ; ReturnValue; remote; manual | | 5 | Source: javax.servlet; ServletRequest; false; getParameter; (String); ; ReturnValue; remote; manual | diff --git a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java index d9a0d9324f3c..13c84954ca00 100644 --- a/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java +++ b/java/ql/test/utils/modelgenerator/dataflow/p/Sinks.java @@ -33,7 +33,7 @@ public Object saveAndGet(Object o) { return null; } - // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection;df-generated + // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[0];path-injection[read];df-generated // sink=p;Sinks;true;copyFileToDirectory;(Path,Path,CopyOption[]);;Argument[1];path-injection;df-generated // neutral=p;Sinks;copyFileToDirectory;(Path,Path,CopyOption[]);summary;df-generated public Path copyFileToDirectory(