codeql/java/ql/lib/ext/java.text.model.yml at codeql-cli/v2.13.4 · github/codeql · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
extensions:
  - addsTo:
      pack: codeql/java-all
      extensible: neutralModel
    data:
      # summary neutrals
      # The below APIs have numeric flow and are currently being stored as neutral models.
      # These may be changed to summary models with kinds "value-numeric" and "taint-numeric" (or similar) in the future.
      - ["java.text", "DateFormat", "format", "(Date)", "summary", "manual"]                   # taint-numeric
      - ["java.text", "DateFormat", "parse", "(String)", "summary", "manual"]                  # taint-numeric
      - ["java.text", "SimpleDateFormat", "SimpleDateFormat", "(String)", "summary", "manual"] # taint-numeric

      # sink neutrals
      - ["java.text", "Collator", "compare", "", "sink", "hq-manual"]
      - ["java.text", "Collator", "equals", "", "sink", "hq-manual"]
      - ["java.text", "RuleBasedCollator", "compare", "", "sink", "hq-manual"]