Improve model for CWE-089

Author: mbaluda

java/ql/lib/ext/com.couchbase.client.java.model.yml

@@ -10,19 +10,9 @@ extensions:
       - ["com.couchbase.client.java", "Cluster", true, "connect", "(String,String,String)", "", "Argument[2]", "credentials-password", "manual"]
       - ["com.couchbase.client.java", "ClusterOptions", true, "clusterOptions", "(String,String)", "", "Argument[1]", "credentials-password", "manual"]
       # 'sql-injection' sinks
-      - ["com.couchbase.client.java", "Cluster", true, "analysticsQuery", "(String)", "", "Argument[0]", "sql-injection", "manual"]
-      - ["com.couchbase.client.java", "Cluster", true, "analysticsQuery", "(String,AnalyticsOptions)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "analyticsQuery", "(String)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "analyticsQuery", "(String,AnalyticsOptions)", "", "Argument[0]", "sql-injection", "manual"]
       - ["com.couchbase.client.java", "Cluster", true, "query", "(String)", "", "Argument[0]", "sql-injection", "manual"]
       - ["com.couchbase.client.java", "Cluster", true, "query", "(String,QueryOptions)", "", "Argument[0]", "sql-injection", "manual"]
       - ["com.couchbase.client.java", "Cluster", true, "queryStreaming", "(String,Consumer)", "", "Argument[0]", "sql-injection", "manual"]
       - ["com.couchbase.client.java", "Cluster", true, "queryStreaming", "(String,QueryOptions,Consumer)", "", "Argument[0]", "sql-injection", "manual"]
-      - ["com.couchbase.client.java", "Cluster", true, "searchQuery", "(String,SearchQuery)", "", "Argument[1]", "sql-injection", "manual"]
-      - ["com.couchbase.client.java", "Cluster", true, "searchQuery", "(String,SearchQuery,SearchOptions)", "", "Argument[1]", "sql-injection", "manual"]
-
-  - addsTo:
-      pack: codeql/java-all
-      extensible: summaryModel
-    data:
-      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "", "", "Argument[0]", "ReturnValue.MapKey", "taint", "manual"]
-      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "", "", "Argument[1]", "ReturnValue.MapValue", "taint", "manual"]
-      - ["com.couchbase.client.java.json", "JsonObject", true, "putNull", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]

java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java

@@ -2,17 +2,16 @@
 
 import com.couchbase.client.java.Bucket;
 import com.couchbase.client.java.Cluster;
-import com.couchbase.client.java.Collection;
-import com.couchbase.client.java.json.JsonObject;
 
 public class CouchBase {
   public static void main(String[] args) {
     Cluster cluster = Cluster.connect("192.168.0.158", "Administrator", "Administrator");
     Bucket bucket = cluster.bucket("travel-sample");
+    cluster.analyticsQuery(args[1]);
+    cluster.analyticsQuery(args[1], null);
     cluster.query(args[1]);
-
-    Collection collection = bucket.defaultCollection();
-    collection.replace("airbnb_1", JsonObject.create().putNull(System.getenv("ITEM_CATEGORY")));
-    collection.upsert("airbnb_1", JsonObject.create().put("country", args[1]));
+    cluster.query(args[1], null);
+    cluster.queryStreaming(args[1], null);
+    cluster.queryStreaming(args[1], null, null);
   }
 }

java/ql/test/query-tests/security/CWE-089/semmle/examples/SqlTainted.expected

@@ -30,12 +30,22 @@ public static void test() {
     PasswordAuthenticator.builder()
         .username("Administrator") // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
         .password("password"); // $ HardcodedCredentialsSourceCall $ HardcodedCredentialsApiCall
-    PasswordAuthenticator.builder((Supplier<UsernameAndPassword>) new UsernameAndPassword(
-                "Administrator", // $ HardcodedCredentialsSourceCall$ MISSING: HardcodedCredentialsApiCall 
-                "password")); // $ HardcodedCredentialsSourceCall$ MISSING: HardcodedCredentialsApiCall 
+    PasswordAuthenticator.builder(
+        (Supplier<UsernameAndPassword>)
+            new UsernameAndPassword(
+                "Administrator", // $ HardcodedCredentialsSourceCall $ MISSING: HardcodedCredentialsApiCall
+                "password")); // $ HardcodedCredentialsSourceCall $ MISSING: HardcodedCredentialsApiCall
     PasswordAuthenticator.builder()
-        .username((Supplier<String>) () -> {return "Administrator";}) // $ MISSING: HardcodedCredentialsApiCall
-        .password((Supplier<String>) () -> {return "password";}); // $ MISSING: HardcodedCredentialsApiCall
+        .username(
+            (Supplier<String>)
+                () -> {
+                  return "Administrator"; // $ MISSING: HardcodedCredentialsApiCall
+                }) 
+        .password(
+            (Supplier<String>)
+                () -> {
+                  return "password"; // $ MISSING: HardcodedCredentialsApiCall
+                }); 
 
     // com.couchbase.client.java.Cluster sinks
     Cluster.connect(