From ca8a0e8c855e3f81a6169692585bda0e4c897678 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 19:48:43 +0000
Subject: [PATCH 1/3] Initial plan
From 2328586f6d9c8808188d837594f2961c3f73c9b8 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:05:24 +0000
Subject: [PATCH 2/3] Add Apache Camel data extension model with source, sink, and summary models
Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/e037ce6e-4ab7-4e0a-9a29-dfe6ba18abe3
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
 .../java/custom/src/apache-camel.model.yml | 74 +++++++++++++++++++
 languages/java/custom/src/qlpack.yml | 2 +
 2 files changed, 76 insertions(+)
 create mode 100644 languages/java/custom/src/apache-camel.model.yml
diff --git a/languages/java/custom/src/apache-camel.model.yml b/languages/java/custom/src/apache-camel.model.yml
new file mode 100644
index 0000000..6c50191
--- /dev/null
+++ b/languages/java/custom/src/apache-camel.model.yml
@@ -0,0 +1,74 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sourceModel
+ data:
+ # Exchange — the data carrier in Camel routes; data enters via getMessage/getIn
+ - ["org.apache.camel", "Exchange", False, "getMessage", "()", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Exchange", False, "getIn", "()", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Exchange", False, "getProperty", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Exchange", False, "getProperty", "(String,Class)", "", "ReturnValue", "remote", "manual"]
+ # Message — primary data access interface for reading body and headers
+ - ["org.apache.camel", "Message", False, "getBody", "()", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Message", False, "getBody", "(Class)", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Message", False, "getHeader", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Message", False, "getHeader", "(String,Class)", "", "ReturnValue", "remote", "manual"]
+ - ["org.apache.camel", "Message", False, "getHeaders", "()", "", "ReturnValue", "remote", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ # ProducerTemplate — endpoint URI argument is a request-forgery sink
+ - ["org.apache.camel", "ProducerTemplate", True, "sendBody", "(String,Object)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "sendBodyAndHeader", "(String,Object,String,Object)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "sendBodyAndHeaders", "(String,Object,Map)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "send", "(String,Processor)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "send", "(String,ExchangePattern,Processor)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBody", "(String,Object)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBody", "(String,Object,Class)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBodyAndHeader", "(String,Object,String,Object)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBodyAndHeaders", "(String,Object,Map)", "", "Argument[0]", "request-forgery", "manual"]
+ # FluentProducerTemplate — modern builder API, endpoint URI is a request-forgery sink
+ - ["org.apache.camel", "FluentProducerTemplate", True, "to", "(String)", "", "Argument[0]", "request-forgery", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # Exchange — taint propagation through exchange access
+ - ["org.apache.camel", "Exchange", True, "getMessage", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "getIn", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "getProperty", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "getProperty", "(String,Class)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "setProperty", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "setMessage", "(Message)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "Exchange", True, "setIn", "(Message)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ # Message — taint propagation through body and header access
+ - ["org.apache.camel", "Message", True, "getBody", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "getBody", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "setBody", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "getHeader", "(String)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "getHeader", "(String,Class)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "setHeader", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "getHeaders", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "Message", True, "setHeaders", "(Map)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ # ExchangeBuilder — builder pattern: value flows for chaining, taint for data
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withBody", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withBody", "(Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withHeader", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withHeader", "(String,Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withProperty", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "withProperty", "(String,Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel.support.builder", "ExchangeBuilder", False, "build", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ # ProducerTemplate — request methods propagate body to response
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBody", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBody", "(String,Object,Class)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBodyAndHeader", "(String,Object,String,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "ProducerTemplate", True, "requestBodyAndHeaders", "(String,Object,Map)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+ # FluentProducerTemplate — builder pattern for chaining
+ - ["org.apache.camel", "FluentProducerTemplate", True, "withBody", "(Object)", "", "Argument[0]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "withBody", "(Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "withHeader", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "withHeader", "(String,Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "to", "(String)", "", "Argument[this]", "ReturnValue", "value", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "request", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "send", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
diff --git a/languages/java/custom/src/qlpack.yml b/languages/java/custom/src/qlpack.yml
index 04a1481..c307b54 100644
--- a/languages/java/custom/src/qlpack.yml
+++ b/languages/java/custom/src/qlpack.yml
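Review bot: The sourceModel rows mark every `Exchange`/`Message` getter as a `remote` source, so an exchange assembled locally (for example through the `ExchangeBuilder.build()` summary later in this file) is reported as attacker-controlled as soon as `getMessage()` or `getBody()` is called on it; that assumption should be stated above the block, e.g. `# Assumes every exchange originates from a network-facing consumer; locally built exchanges will be over-reported`. The same getters already carry `Argument[this]` to `ReturnValue` taint in the summaryModel block, and `getProperty` in particular often returns route-internal state, so it is worth deciding whether it belongs in the source list at all. The source rows pass `False` in the subtypes column while the summaries for the same types pass `True`; if calls resolved to overriding implementations are meant to be covered, the sources should use `True` as well. The `ExchangeBuilder` rows name package `org.apache.camel.support.builder`, which I believe is not where Camel ships that class; a row whose type does not resolve never matches and nothing reports it, so the package should be checked against the Camel version being analysed.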
@@ -3,3 +3,5 @@ version: 0.0.1
 library: false
 dependencies:
 codeql/java-all: "*"
+dataExtensions:
+ - "*.model.yml"
From 08b38a544e0c9096828073e41767c9ec3216da1d Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Wed, 25 Mar 2026 20:06:25 +0000
Subject: [PATCH 3/3] Fix FluentProducerTemplate.request to use explicit signatures per review feedback
Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/e037ce6e-4ab7-4e0a-9a29-dfe6ba18abe3
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
 languages/java/custom/src/apache-camel.model.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/languages/java/custom/src/apache-camel.model.yml b/languages/java/custom/src/apache-camel.model.yml
index 6c50191..2ef9933 100644
--- a/languages/java/custom/src/apache-camel.model.yml
+++ b/languages/java/custom/src/apache-camel.model.yml
@@ -70,5 +70,6 @@ extensions:
 - ["org.apache.camel", "FluentProducerTemplate", True, "withHeader", "(String,Object)", "", "Argument[1]", "Argument[this]", "taint", "manual"]
 - ["org.apache.camel", "FluentProducerTemplate", True, "withHeader", "(String,Object)", "", "Argument[this]", "ReturnValue", "value", "manual"]
 - ["org.apache.camel", "FluentProducerTemplate", True, "to", "(String)", "", "Argument[this]", "ReturnValue", "value", "manual"]
- - ["org.apache.camel", "FluentProducerTemplate", True, "request", "", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "request", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
+ - ["org.apache.camel", "FluentProducerTemplate", True, "request", "(Class)", "", "Argument[this]", "ReturnValue", "taint", "manual"]
 - ["org.apache.camel", "FluentProducerTemplate", True, "send", "()", "", "Argument[this]", "ReturnValue", "taint", "manual"]
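Review bot: Nothing in this series exercises the two explicit `request` rows, and a signature string that matches no overload fails silently, so a mistyped `"(Class)"` would simply drop the flow without any diagnostic. The diffstats of patches 2 and 3 show only the model file and `qlpack.yml` changing; a small CodeQL test that calls `request()` and `request(Class)` on a tainted builder would pin both rows. The rows also cover only the synchronous calls: `FluentProducerTemplate` has, as far as I recall, `asyncRequest()` and `asyncRequest(Class)` variants, and a response obtained through those would not carry taint unless matching rows are added.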