@aschackmull aschackmull commented Dec 8, 2025

This adds models-as-data support for Java barriers and barrier guards. There's still some uncertainty about how to best structure the values in the kind column, hence no change-note for now.

@aschackmull aschackmull force-pushed the java/mad-barriers branch 3 times, most recently from e0f6b74 to a40ebd1 December 10, 2025 08:56
@aschackmull aschackmull changed the title from "Java: Basic support for pass-through barrier models." to "Java: Support for MaD barriers and barrier guards." Dec 10, 2025
@aschackmull aschackmull force-pushed the java/mad-barriers branch 3 times, most recently from 3f33faf to 8da742a December 11, 2025 12:36
@aschackmull aschackmull marked this pull request as ready for review December 11, 2025 13:52
@aschackmull aschackmull requested a review from a team as a code owner December 11, 2025 13:52
Copilot AI review requested due to automatic review settings December 11, 2025 13:52
@aschackmull aschackmull requested review from a team as code owners December 11, 2025 13:52
Copilot AI left a comment

Pull request overview

This PR adds Models-as-Data (MaD) support for Java barriers and barrier guards, enabling external specification of sanitizers that prevent taint flow. The implementation includes shared dataflow infrastructure, Java-specific implementation, and conversion of existing hardcoded sanitizers to MaD models.

Key changes:

  • Added AcceptingValue class and barrier-related predicates to the shared dataflow framework
  • Implemented Java-specific barrier and barrier guard support with parameterized guard checking
  • Converted hardcoded sanitizers (ESAPI validators, Pattern.quote, URI.isAbsolute, File.getName, hudson.Util.escape) to MaD models in YAML files

Reviewed changes

Copilot reviewed 24 out of 24 changed files in this pull request and generated 5 comments.

| File | Description |
| --- | --- |
| shared/dataflow/codeql/dataflow/internal/FlowSummaryImpl.qll | Adds core infrastructure: AcceptingValue class, barrierElement/barrierGuardElement predicates, isBarrierNode/isBarrierGuardNode predicates, and barrier access path interpretation |
| shared/mad/codeql/mad/ModelValidation.qll | Updates validation error message to include barrier models |
| swift/ql/lib/codeql/swift/dataflow/internal/FlowSummaryImpl.qll | Adds stub barrier predicates (returns none()) for Swift |
| go/ql/lib/semmle/go/dataflow/internal/FlowSummaryImpl.qll | Adds stub barrier predicates (returns none()) for Go |
| csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll | Adds stub barrier predicates (returns none()) for C# |
| cpp/ql/lib/semmle/code/cpp/dataflow/internal/FlowSummaryImpl.qll | Adds stub barrier predicates (returns none()) for C++ |
| java/ql/lib/semmle/code/java/dataflow/internal/FlowSummaryImpl.qll | Implements barrierElement and barrierGuardElement predicates for Java |
| java/ql/lib/semmle/code/java/dataflow/internal/ExternalFlowExtensions.qll | Declares extensible barrierModel and barrierGuardModel predicates |
| java/ql/lib/semmle/code/java/dataflow/ExternalFlow.qll | Implements barrierNode predicate with barrier guard checking, validation, and model interpretation |
| java/ql/lib/semmle/code/java/dataflow/internal/DataFlowUtil.qll | Adds ParameterizedBarrierGuard module for parameterized guard checking |
| java/ql/lib/semmle/code/java/dataflow/internal/SsaImpl.qll | Adds SSA-level ParameterizedBarrierGuard module |
| java/ql/lib/semmle/code/java/security/regexp/RegexInjection.qll | Replaces PatternQuoteCall sanitizer with DefaultRegexInjectionSanitizer using barrierNode |
| java/ql/lib/semmle/code/java/security/XSS.qll | Refactors DefaultXssSanitizer to use barrierNode, splits primitives and HtmlUtils.htmlEscape into separate classes |
| java/ql/lib/semmle/code/java/security/TrustBoundaryViolationQuery.qll | Replaces EsapiValidatedInputSanitizer with DefaultTrustBoundaryValidationSanitizer using barrierNode |
| java/ql/lib/semmle/code/java/security/RequestForgery.qll | Replaces RelativeUrlSanitizer with DefaultRequestForgerySanitizer using barrierNode |
| java/ql/lib/semmle/code/java/security/PathSanitizer.qll | Replaces FileGetNameSanitizer with DefaultPathInjectionSanitizer using barrierNode |
| java/ql/lib/semmle/code/java/frameworks/owasp/Esapi.qll | Deletes entire file (ESAPI classes now defined in MaD models) |
| java/ql/lib/semmle/code/java/frameworks/hudson/Hudson.qll | Removes HudsonUtilXssSanitizer class (now a MaD barrier model) |
| java/ql/lib/ext/org.owasp.esapi.model.yml | Adds barrierGuardModel entries for ESAPI Validator.isValid* methods and barrierModel entries for Validator.getValid* methods |
| java/ql/lib/ext/java.util.regex.model.yml | Adds barrierModel for Pattern.quote method |
| java/ql/lib/ext/java.net.model.yml | Adds barrierGuardModel for URI.isAbsolute method |
| java/ql/lib/ext/java.io.model.yml | Adds barrierModel for File.getName method |
| java/ql/lib/ext/hudson.model.yml | Adds barrierModel for hudson.Util.escape method |
| java/ql/lib/ext/empty.model.yml | Adds empty barrierModel and barrierGuardModel extensible declarations |

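The two model kinds in the overview above correspond to two shapes of Java code, shown here with three of the listed sanitizers as an added example (not code from this PR or from CodeQL): a barrier is a call whose result is treated as clean, while a barrier guard is a boolean check that makes the checked value clean on one branch only. The class and method names are hypothetical, the inputs are constructed, and the accepting value `false` for `URI.isAbsolute` is an assumption inferred from the `RelativeUrlSanitizer` name.

```java
import java.io.File;
import java.net.URI;
import java.util.regex.Pattern;

public class BarrierShapes {
    // Barrier (value-producing): the result of Pattern.quote matches its
    // argument literally, so the returned string is safe to compile.
    static boolean containsLiteral(String haystack, String untrusted) {
        return Pattern.compile(Pattern.quote(untrusted)).matcher(haystack).find();
    }

    // Barrier (value-producing): File.getName keeps only the last path segment.
    // It still returns ".." for an input ending in "..", so that is rejected here.
    static File inUploadDir(File uploadDir, String untrusted) {
        String name = new File(untrusted).getName();
        if (name.isEmpty() || name.equals(".") || name.equals("..")) {
            throw new IllegalArgumentException("not a file name");
        }
        return new File(uploadDir, name);
    }

    // Barrier guard (boolean check): the value is only considered safe on the
    // branch where the guard returned its accepting value.
    // Assumption: the accepting value for URI.isAbsolute is false, inferred from
    // the RelativeUrlSanitizer name; the page does not state it.
    static URI resolveRelative(URI base, String untrusted) {
        URI u = URI.create(untrusted);
        if (u.isAbsolute()) {
            throw new IllegalArgumentException("absolute URL rejected");
        }
        // Extra check, not part of the guard: "//host/path" has no scheme, so
        // isAbsolute() is false, yet resolve() would switch to that host.
        if (u.getRawAuthority() != null) {
            throw new IllegalArgumentException("network-path reference rejected");
        }
        return base.resolve(u);
    }

    public static void main(String[] args) {
        // Constructed inputs, one per shape.
        System.out.println(containsLiteral("a.b", "."));
        System.out.println(containsLiteral("ab", "."));
        System.out.println(inUploadDir(new File("/srv/up"), "../../etc/passwd"));
        System.out.println(resolveRelative(URI.create("https://app.example/a/"), "img/x.png"));
    }
}
```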

owen-mc previously approved these changes Dec 11, 2025
@owen-mc owen-mc left a comment

LGTM

@aschackmull

Copilot is correct about the minor naming issue (which it repeats 5 times). I've pushed the small rename.

@aschackmull aschackmull added the no-change-note-required This PR does not need a change note label Dec 11, 2025