GitHubSecurityLab
diff --git a/‎java/ext-library-sources/manual/empty.model.yml
Lines changed: 5 additions & 0 deletions b/‎java/ext-library-sources/manual/empty.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎java/ext-library-sources/qlpack.yml
Lines changed: 0 additions & 1 deletion b/‎java/ext-library-sources/qlpack.yml
Lines changed: 0 additions & 1 deletion
diff --git a/‎java/ext/experimental/android.webkit.model.yml
Lines changed: 0 additions & 6 deletions b/‎java/ext/experimental/android.webkit.model.yml
Lines changed: 0 additions & 6 deletions
diff --git a/‎java/ext/experimental/com.jfinal.core.model.yml
Lines changed: 0 additions & 28 deletions b/‎java/ext/experimental/com.jfinal.core.model.yml
Lines changed: 0 additions & 28 deletions
diff --git a/‎java/ext/experimental/empty.model.yml
Lines changed: 0 additions & 15 deletions b/‎java/ext/experimental/empty.model.yml
Lines changed: 0 additions & 15 deletions
diff --git a/‎java/ext/experimental/java.io.model.yml
Lines changed: 0 additions & 6 deletions b/‎java/ext/experimental/java.io.model.yml
Lines changed: 0 additions & 6 deletions
diff --git a/‎java/ext/experimental/javax.servlet.http.model.yml
Lines changed: 0 additions & 10 deletions b/‎java/ext/experimental/javax.servlet.http.model.yml
Lines changed: 0 additions & 10 deletions
diff --git a/‎java/ext/generated/empty.model.yml
Lines changed: 5 additions & 0 deletions b/‎java/ext/generated/empty.model.yml
Lines changed: 5 additions & 0 deletions
diff --git a/‎java/ext/manual/android.webkit.model.yml
Lines changed: 6 additions & 0 deletions b/‎java/ext/manual/android.webkit.model.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎java/ext/experimental/com.google.common.io.model.yml renamed to ‎java/ext/manual/com.google.common.io.model.yml b/‎java/ext/experimental/com.google.common.io.model.yml renamed to ‎java/ext/manual/com.google.common.io.model.yml
diff --git a/‎java/ext/experimental/com.jcraft.jsch.model.yml renamed to ‎java/ext/manual/com.jcraft.jsch.model.yml
Lines changed: 2 additions & 2 deletions b/‎java/ext/experimental/com.jcraft.jsch.model.yml renamed to ‎java/ext/manual/com.jcraft.jsch.model.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎java/ext/manual/com.jfinal.core.model.yml
Lines changed: 28 additions & 0 deletions b/‎java/ext/manual/com.jfinal.core.model.yml
Lines changed: 28 additions & 0 deletions
diff --git a/‎java/ext/manual/java.io.model.yml
Lines changed: 6 additions & 0 deletions b/‎java/ext/manual/java.io.model.yml
Lines changed: 6 additions & 0 deletions
diff --git a/‎java/ext/experimental/java.lang.model.yml renamed to ‎java/ext/manual/java.lang.model.yml
Lines changed: 5 additions & 5 deletions b/‎java/ext/experimental/java.lang.model.yml renamed to ‎java/ext/manual/java.lang.model.yml
Lines changed: 5 additions & 5 deletions
diff --git a/‎java/ext/experimental/java.util.concurrent.model.yml renamed to ‎java/ext/manual/java.util.concurrent.model.yml
Lines changed: 2 additions & 2 deletions b/‎java/ext/experimental/java.util.concurrent.model.yml renamed to ‎java/ext/manual/java.util.concurrent.model.yml
Lines changed: 2 additions & 2 deletions
diff --git a/‎java/ext/manual/javax.servlet.http.model.yml
Lines changed: 10 additions & 0 deletions b/‎java/ext/manual/javax.servlet.http.model.yml
Lines changed: 10 additions & 0 deletions
diff --git a/‎java/ext/experimental/org.apache.logging.log4j.message.model.yml renamed to ‎java/ext/manual/org.apache.logging.log4j.message.model.yml
Lines changed: 5 additions & 5 deletions b/‎java/ext/experimental/org.apache.logging.log4j.message.model.yml renamed to ‎java/ext/manual/org.apache.logging.log4j.message.model.yml
Lines changed: 5 additions & 5 deletions
@@ -0,0 +1,5 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data: []
@@ -8,4 +8,3 @@ dataExtensions:
   - 'manual/**/*.yml'
   - 'generated/*.yml'
   - 'generated/**/*.yml'
-  - 'experimental/*.yml'
@@ -0,0 +1,5 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data: []
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["android.webkit", "WebResourceRequest", False, "getUrl", "", "", "Argument[this]", "ReturnValue", "taint", "manual"] # android-web-resource-response
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/java-all
-      extensible: experimentalSinkModel
+      extensible: sinkModel
     data: 
-      - ["com.jcraft.jsch", "ChannelExec", True, "setCommand", "", "", "Argument[0]", "command-injection", "manual", "jsch-os-injection"]
+      - ["com.jcraft.jsch", "ChannelExec", True, "setCommand", "", "", "Argument[0]", "command-injection", "manual"] #jsch-os-injection
@@ -0,0 +1,28 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["com.jfinal.core", "Controller", True, "get", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getBoolean", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getCookie", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getCookieObject", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getCookieObjects", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getCookieToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getCookieToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getDate", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getFile", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getFiles", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getHeader", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getKv", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getPara", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaMap", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaToBoolean", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaToDate", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaValues", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaValuesToInt", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
+      - ["com.jfinal.core", "Controller", True, "getParaValuesToLong", "", "", "ReturnValue", "remote", "manual"] #file-path-injection
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["java.io", "FileInputStream", True, "FileInputStream", "", "", "Argument[0]", "Argument[this]", "taint", "manual"] # android-web-resource-response
@@ -1,12 +1,12 @@
 extensions:
   - addsTo:
       pack: codeql/java-all
-      extensible: experimentalSinkModel
+      extensible: sinkModel
     data:
-      - ["java.lang", "Thread", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
+      - ["java.lang", "Thread", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual"] #thread-resource-abuse
   - addsTo:
       pack: codeql/java-all
-      extensible: experimentalSummaryModel
+      extensible: summaryModel
     data:
-      - ["java.lang", "Math", False, "max", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
-      - ["java.lang", "Math", False, "min", "", "", "Argument[0..1]", "ReturnValue", "value", "manual", "thread-resource-abuse"]
+      - ["java.lang", "Math", False, "max", "", "", "Argument[0..1]", "ReturnValue", "value", "manual"] #thread-resource-abuse
+      - ["java.lang", "Math", False, "min", "", "", "Argument[0..1]", "ReturnValue", "value", "manual"] #thread-resource-abuse
@@ -1,6 +1,6 @@
 extensions:
   - addsTo:
       pack: codeql/java-all
-      extensible: experimentalSinkModel
+      extensible: sinkModel
     data:
-      - ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual", "thread-resource-abuse"]
+      - ["java.util.concurrent", "TimeUnit", True, "sleep", "", "", "Argument[0]", "thread-pause", "manual"] #thread-resource-abuse
@@ -0,0 +1,10 @@
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathInfo", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getPathTranslated", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURI", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getRequestURL", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
+      - ["javax.servlet.http", "HttpServletRequest", False, "getServletPath", "()", "", "ReturnValue", "uri-path", "manual"] #permissive-dot-regex-query
@@ -1,9 +1,9 @@
 extensions:
   - addsTo:
       pack: codeql/java-all
-      extensible: experimentalSummaryModel
+      extensible: summaryModel
     data:
-      - ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[this]", "taint", "manual", "log4j-injection"]
-      - ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual", "log4j-injection"]
-      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[this]", "ReturnValue", "value", "manual", "log4j-injection"]
-      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[this]", "taint", "manual", "log4j-injection"]
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "put", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] #log4j-injection
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "putAll", "", "", "Argument[0].MapValue", "Argument[this]", "taint", "manual"] #log4j-injection
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[this]", "ReturnValue", "value", "manual"] #log4j-injection
+      - ["org.apache.logging.log4j.message", "MapMessage", True, "with", "", "", "Argument[1]", "Argument[this]", "taint", "manual"] #log4j-injection