Merge pull request #88 from GitHubSecurityLab/java/removequerysuitede…

…pendecy Java: Remove dependency to the CodeQL java query pack.
GitHubSecurityLab · Dec 20, 2024 · 7a6a715 · 7a6a715
2 parents 853765d + 09a70a7
commit 7a6a715
Show file tree

Hide file tree

Showing 7 changed files with 125 additions and 10 deletions.
diff --git a/java/lib/semmle/code/xml/MyBatisMapperXML.qll b/java/lib/semmle/code/xml/MyBatisMapperXML.qll
@@ -0,0 +1,116 @@
+/**
+ * Provides classes for working with MyBatis mapper xml files and their content.
+ */
+
+import java
+
+/**
+ * MyBatis Mapper XML file.
+ */
+class MyBatisMapperXmlFile extends XmlFile {
+  MyBatisMapperXmlFile() {
+    count(XmlElement e | e = this.getAChild()) = 1 and
+    this.getAChild().getName() = "mapper"
+  }
+}
+
+/**
+ * An XML element in a `MyBatisMapperXMLFile`.
+ */
+class MyBatisMapperXmlElement extends XmlElement {
+  MyBatisMapperXmlElement() { this.getFile() instanceof MyBatisMapperXmlFile }
+
+  /**
+   * Gets the value for this element, with leading and trailing whitespace trimmed.
+   */
+  string getValue() { result = this.allCharactersString().trim() }
+
+  /**
+   * Gets the reference type bound to MyBatis Mapper XML File.
+   */
+  RefType getNamespaceRefType() {
+    result.getQualifiedName() = this.getAttribute("namespace").getValue()
+  }
+}
+
+/**
+ * An MyBatis Mapper sql operation element.
+ */
+abstract class MyBatisMapperSqlOperation extends MyBatisMapperXmlElement {
+  /**
+   * Gets the value of the `id` attribute of MyBatis Mapper sql operation element.
+   */
+  string getId() { result = this.getAttribute("id").getValue() }
+
+  /**
+   * Gets the `<include>` element in a `MyBatisMapperSqlOperation`.
+   */
+  MyBatisMapperInclude getInclude() { result = this.getAChild*() }
+
+  /**
+   * Gets the method bound to MyBatis Mapper XML File.
+   */
+  Method getMapperMethod() {
+    result.getName() = this.getId() and
+    result.getDeclaringType() = this.getParent().(MyBatisMapperXmlElement).getNamespaceRefType()
+  }
+}
+
+/**
+ * A `<insert>` element in a `MyBatisMapperSqlOperation`.
+ */
+class MyBatisMapperInsert extends MyBatisMapperSqlOperation {
+  MyBatisMapperInsert() { this.getName() = "insert" }
+}
+
+/**
+ * A `<update>` element in a `MyBatisMapperSqlOperation`.
+ */
+class MyBatisMapperUpdate extends MyBatisMapperSqlOperation {
+  MyBatisMapperUpdate() { this.getName() = "update" }
+}
+
+/**
+ * A `<delete>` element in a `MyBatisMapperSqlOperation`.
+ */
+class MyBatisMapperDelete extends MyBatisMapperSqlOperation {
+  MyBatisMapperDelete() { this.getName() = "delete" }
+}
+
+/**
+ * A `<select>` element in a `MyBatisMapperSqlOperation`.
+ */
+class MyBatisMapperSelect extends MyBatisMapperSqlOperation {
+  MyBatisMapperSelect() { this.getName() = "select" }
+}
+
+/**
+ * A `<sql>` element in a `MyBatisMapperXMLElement`.
+ */
+class MyBatisMapperSql extends MyBatisMapperXmlElement {
+  MyBatisMapperSql() { this.getName() = "sql" }
+
+  /**
+   * Gets the value of the `id` attribute of this `<sql>`.
+   */
+  string getId() { result = this.getAttribute("id").getValue() }
+}
+
+/**
+ * A `<include>` element in a `MyBatisMapperXMLElement`.
+ */
+class MyBatisMapperInclude extends MyBatisMapperXmlElement {
+  MyBatisMapperInclude() { this.getName() = "include" }
+
+  /**
+   * Gets the value of the `refid` attribute of this `<include>`.
+   */
+  string getRefid() { result = this.getAttribute("refid").getValue() }
+}
+
+/**
+ * A `<foreach>` element in a `MyBatisMapperXMLElement`.
+ */
+class MyBatisMapperForeach extends MyBatisMapperXmlElement {
+  MyBatisMapperForeach() { this.getName() = "foreach" }
+}
diff --git a/java/src/codeql-pack.lock.yml b/java/src/codeql-pack.lock.yml
@@ -5,8 +5,6 @@ dependencies:
     version: 1.1.5
   codeql/java-all:
     version: 4.2.0
-  codeql/java-queries:
-    version: 1.1.8
   codeql/mad:
     version: 1.0.11
   codeql/rangeanalysis:
@@ -15,8 +13,6 @@ dependencies:
     version: 1.0.11
   codeql/ssa:
     version: 1.0.11
-  codeql/suite-helpers:
-    version: 1.0.11
   codeql/threat-models:
     version: 1.0.11
   codeql/tutorial:

diff --git a/java/src/qlpack.yml b/java/src/qlpack.yml
@@ -5,5 +5,4 @@ suites: suites
 defaultSuiteFile: suites/java.qls
 dependencies:
   codeql/java-all: '*'
-  codeql/java-queries: '*'
   githubsecuritylab/codeql-java-libs: '*'
diff --git a/java/test/codeql-pack.lock.yml b/java/test/codeql-pack.lock.yml
@@ -5,8 +5,6 @@ dependencies:
     version: 1.1.5
   codeql/java-all:
     version: 4.2.0
-  codeql/java-queries:
-    version: 1.1.8
   codeql/mad:
     version: 1.0.11
   codeql/rangeanalysis:
@@ -15,8 +13,6 @@ dependencies:
     version: 1.0.11
   codeql/ssa:
     version: 1.0.11
-  codeql/suite-helpers:
-    version: 1.0.11
   codeql/threat-models:
     version: 1.0.11
   codeql/tutorial:

diff --git a/java/test/qlpack.yml b/java/test/qlpack.yml
@@ -2,7 +2,6 @@ name: githubsecurtylab/codeql-java-tests
 groups: [java, test]
 dependencies:
     codeql/java-all: '*'
-    codeql/java-queries: '*'
     githubsecuritylab/codeql-java-queries: '*'
     githubsecuritylab/codeql-java-libs: '*'
     githubsecuritylab/codeql-java-library-sources: '*'

diff --git a/.../CWE-522-DecompressionBombs/test.expected → ...sionBombs/TestDecompressionBombs.expected b/.../CWE-522-DecompressionBombs/test.expected → ...sionBombs/TestDecompressionBombs.expected
diff --git a/java/test/security/CWE-522-DecompressionBombs/TestDecompressionBombs.ql b/java/test/security/CWE-522-DecompressionBombs/TestDecompressionBombs.ql
@@ -0,0 +1,9 @@
+import java
+import semmle.code.java.security.DecompressionBombQuery
+import TestUtilities.InlineFlowTest
+import TaintFlowTestArgString<DecompressionBombsConfig, getArgString/2>
+
+string getArgString(DataFlow::Node src, DataFlow::Node sink) {
+  exists(src) and
+  result = "\"" + sink.toString() + "\""
+}