From 11829306b541890b693a63f989ce004b6af4d682 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 26 Mar 2026 21:11:54 +0000
Subject: [PATCH 1/6] Initial plan
From 10ff5883299fdba2c6a015907f6dcbd126080232 Mon Sep 17 00:00:00 2001
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Thu, 26 Mar 2026 21:21:21 +0000
Subject: [PATCH 2/6] Add HTTP4k data extension with source and sink models
Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/c2b323fa-771e-4a4d-8876-fa6a463ca2bc
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
languages/java/custom/src/http4k.model.yml | 21 +++++++++++++++++++++
languages/java/custom/src/qlpack.yml | 2 ++
2 files changed, 23 insertions(+)
create mode 100644 languages/java/custom/src/http4k.model.yml
diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k.model.yml
new file mode 100644
index 0000000..9195a07
--- /dev/null
+++ b/languages/java/custom/src/http4k.model.yml
@@ -0,0 +1,21 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sourceModel
+ data:
+ - ["org.http4k.core", "Request", True, "query", "(String)", "", "ReturnValue", "remote", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[0]", "request-forgery", "manual"]
+ - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "html-injection", "manual"]
+ - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "js-injection", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data: []
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/qlpack.yml b/languages/java/custom/src/qlpack.yml
index 04a1481..c307b54 100644
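Review bot: The `request-forgery` kind on the `Response.header(String,String)` row in the sinkModel block looks like the wrong sink kind: setting a header on an outgoing response does not make the server issue a request, so this row would presumably raise SSRF alerts for any tainted response header value. PATCH 3/6 changes only the argument index and PATCH 4/6 adds a `response-splitting` row next to it, so the `request-forgery` row survives into the final model; I would drop it in all three places. If the intent was a tainted `Location` header, that is an open-redirect concern and needs a narrower model than every header value. The two `Response.body(String)` rows (`html-injection` and `js-injection`) also look redundant if both kinds feed the same XSS query, which is worth confirming before keeping both.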
--- a/languages/java/custom/src/qlpack.yml +++ b/languages/java/custom/src/qlpack.yml @@ -3,3 +3,5 @@ version: 0.0.1 library: false dependencies: codeql/java-all: "*" +dataExtensions: + - "*.model.yml" From e012e181487845bb5631aaf527ac4cb1103d7953 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Thu, 26 Mar 2026 21:22:48 +0000 Subject: [PATCH 3/6] Fix header sink to use Argument[1] (header value) instead of Argument[0] (header name) Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/c2b323fa-771e-4a4d-8876-fa6a463ca2bc Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- languages/java/custom/src/http4k.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k.model.yml index 9195a07..9d4e118 100644 --- a/languages/java/custom/src/http4k.model.yml +++ b/languages/java/custom/src/http4k.model.yml @@ -8,7 +8,7 @@ extensions: pack: codeql/java-all extensible: sinkModel data: - - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[0]", "request-forgery", "manual"] + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "html-injection", "manual"] - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "js-injection", "manual"] - addsTo: From c7b9b780de894c997c0208bf2289856dd31e9faf Mon Sep 17 00:00:00 2001 
From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com>
Date: Mon, 30 Mar 2026 14:09:33 +0000
Subject: [PATCH 4/6] Add expanded http4k core sources/sinks, format deserialization models, and multipart sources
Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/08129f00-891a-47a8-b941-04ebad32a61f
Co-authored-by: felickz <1760475+felickz@users.noreply.github.com>
---
.../java/custom/src/http4k-format.model.yml | 37 +++++++++++++++++++
.../custom/src/http4k-multipart.model.yml | 32 ++++++++++++++++
languages/java/custom/src/http4k.model.yml | 29 ++++++++++++++-
3 files changed, 96 insertions(+), 2 deletions(-)
create mode 100644 languages/java/custom/src/http4k-format.model.yml
create mode 100644 languages/java/custom/src/http4k-multipart.model.yml
diff --git a/languages/java/custom/src/http4k-format.model.yml b/languages/java/custom/src/http4k-format.model.yml
new file mode 100644
index 0000000..53d03bc
--- /dev/null
+++ b/languages/java/custom/src/http4k-format.model.yml
@@ -0,0 +1,37 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ # Jackson deserialization sinks (untrusted data parsed into objects)
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ # Moshi deserialization sinks
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ # Gson deserialization sinks
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # Jackson: taint propagation through deserialization (input taints output)
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Jackson: JSON string parsing
+ - ["org.http4k.format", "ConfigurableJackson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Moshi: taint propagation through deserialization
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Moshi: JSON string parsing
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Gson: taint propagation through deserialization
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Gson: JSON string parsing
+ - ["org.http4k.format", "ConfigurableGson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/http4k-multipart.model.yml b/languages/java/custom/src/http4k-multipart.model.yml
new file mode 100644
index 0000000..cbaf852
--- /dev/null
+++ b/languages/java/custom/src/http4k-multipart.model.yml
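Review bot: The six `unsafe-deserialization` rows in the sinkModel block mark every `asA` call on `ConfigurableJackson`, `ConfigurableMoshi` and `ConfigurableGson` as an unsafe-deserialization sink, which would report ordinary typed JSON parsing of a request body as a high-severity finding. Binding JSON to a caller-chosen target class is not in itself the gadget-style risk that kind is meant for (for Jackson it generally needs polymorphic typing to be enabled), so I would keep only the summaryModel rows, which already carry taint from `Argument[0]` to `ReturnValue`, and leave the sink block as `data: []`. Separately, the `(String,Class)` and `(InputStream,Class)` signatures should be checked against the library: if `asA` takes a Kotlin `KClass` rather than `java.lang.Class`, none of these rows will match. The same rows are carried unchanged into `http4k-format-gson.model.yml`, `http4k-format-jackson.model.yml` and `http4k-format-moshi.model.yml` in PATCH 6/6.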
@@ -0,0 +1,32 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sourceModel
+ data:
+ # MultipartFormBody field accessors (form field values from multipart requests)
+ - ["org.http4k.core", "MultipartFormBody", True, "fieldValue", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.http4k.core", "MultipartFormBody", True, "fieldValues", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.http4k.core", "MultipartFormBody", True, "field", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.http4k.core", "MultipartFormBody", True, "fields", "(String)", "", "ReturnValue", "remote", "manual"]
+ # MultipartFormBody file accessors (uploaded files from multipart requests)
+ - ["org.http4k.core", "MultipartFormBody", True, "file", "(String)", "", "ReturnValue", "remote", "manual"]
+ - ["org.http4k.core", "MultipartFormBody", True, "files", "(String)", "", "ReturnValue", "remote", "manual"]
+ # MultipartFormFile properties (attacker-controlled file metadata and content)
+ - ["org.http4k.lens", "MultipartFormFile", True, "getFilename", "()", "", "ReturnValue", "remote", "manual"]
+ - ["org.http4k.lens", "MultipartFormFile", True, "getContent", "()", "", "ReturnValue", "remote", "manual"]
+ # MultipartFormField value (attacker-controlled form field value)
+ - ["org.http4k.lens", "MultipartFormField", True, "getValue", "()", "", "ReturnValue", "remote", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data: []
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # MultipartFormBody.from() parses multipart request, taint flows through
+ - ["org.http4k.core", "MultipartFormBody", False, "from", "(HttpMessage,int,DiskLocation)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k.model.yml
index 9d4e118..018542d 100644
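Review bot: The summaryModel row for `from` names the declaring type as `MultipartFormBody` with the subtypes flag `False`; if `from` is a Kotlin companion-object function without `@JvmStatic`, the JVM-level declaring type would be the nested companion class and this row would silently match nothing. The series adds only model files and a `qlpack.yml` change, with no test or sample handler, so a mismatch like that would go unnoticed and multipart input would simply be missing from results. A small test case that calls `from(...)` and then reads `fieldValue(...)` into a known sink would confirm both the summary row and the source rows.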
--- a/languages/java/custom/src/http4k.model.yml
+++ b/languages/java/custom/src/http4k.model.yml
@@ -3,18 +3,43 @@ extensions: pack: codeql/java-all extensible: sourceModel data: + # Request query parameter accessors - ["org.http4k.core", "Request", True, "query", "(String)", "", "ReturnValue", "remote", "manual"] + - ["org.http4k.core", "Request", True, "queries", "(String)", "", "ReturnValue", "remote", "manual"] + # Request header accessors + - ["org.http4k.core", "Request", True, "header", "(String)", "", "ReturnValue", "remote", "manual"] + - ["org.http4k.core", "Request", True, "headerValues", "(String)", "", "ReturnValue", "remote", "manual"] + # Request body accessors + - ["org.http4k.core", "Request", True, "bodyString", "()", "", "ReturnValue", "remote", "manual"] + # Request URI + - ["org.http4k.core", "Request", True, "getUri", "()", "", "ReturnValue", "remote", "manual"] - addsTo: pack: codeql/java-all extensible: sinkModel data: - - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] + # Response body sinks (XSS) - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "html-injection", "manual"] - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "js-injection", "manual"] + # Response header sinks (response splitting, request forgery) + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "response-splitting", "manual"] + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all extensible: summaryModel - data: [] + data: + # Request immutable builder pattern: this flows through to return value + - ["org.http4k.core", "Request", True, "header", "(String,String)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["org.http4k.core", "Request", True, "body", "(String)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["org.http4k.core", "Request", True, "query", "(String,String)", "", 
"Argument[this]", "ReturnValue", "value", "manual"] + # Response immutable builder pattern: this flows through to return value + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[this]", "ReturnValue", "value", "manual"] + - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[this]", "ReturnValue", "value", "manual"] + # Taint propagation: arguments taint the builder result + - ["org.http4k.core", "Request", True, "header", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["org.http4k.core", "Request", True, "body", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] + - ["org.http4k.core", "Request", True, "query", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"] + - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - addsTo: pack: codeql/java-all extensible: neutralModel From b36259f9cccd7f32db79fa234c7c802e811bc914 Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Mon, 30 Mar 2026 14:11:36 +0000 Subject: [PATCH 5/6] Extend response-splitting sink to cover both header name and value (Argument[0..1]) Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/08129f00-891a-47a8-b941-04ebad32a61f Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- languages/java/custom/src/http4k.model.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k.model.yml index 018542d..19c3828 100644 --- a/languages/java/custom/src/http4k.model.yml +++ b/languages/java/custom/src/http4k.model.yml 
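Review bot: The new sourceModel rows for `header(String)`, `headerValues(String)` and `bodyString()` are written against `Request`, but a model row is, as far as I know, matched against the type that declares the method (plus overrides in subtypes when the flag is `True`). If http4k declares these accessors on `HttpMessage` (the type the multipart `from` row takes) rather than on `Request`, the rows will not fire and request headers and bodies stay untracked; please confirm with a test and name the declaring type if needed. In the summaryModel block, the `Argument[this]` to `ReturnValue` rows use `value` although the comment above them says the builders are immutable, meaning the result is a new object, so `taint` would describe the flow more accurately. The hunk ends inside the neutralModel entry, which continues outside it.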
@@ -21,7 +21,7 @@ extensions: - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "html-injection", "manual"] - ["org.http4k.core", "Response", True, "body", "(String)", "", "Argument[0]", "js-injection", "manual"] # Response header sinks (response splitting, request forgery) - - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "response-splitting", "manual"] + - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[0..1]", "response-splitting", "manual"] - ["org.http4k.core", "Response", True, "header", "(String,String)", "", "Argument[1]", "request-forgery", "manual"] - addsTo: pack: codeql/java-all From 3f4b0985cd10e5d781f3e99d5f2481ded946c97a Mon Sep 17 00:00:00 2001 From: "copilot-swe-agent[bot]" <198982749+Copilot@users.noreply.github.com> Date: Tue, 31 Mar 2026 20:57:59 +0000 Subject: [PATCH 6/6] Split model files to one per external API: http4k-core, http4k-format-jackson, http4k-format-moshi, http4k-format-gson, http4k-multipart Agent-Logs-Url: https://github.com/testing-felickz/codeql-development-template/sessions/845edef4-ae1e-46d7-a82b-6fbcfeb02871 Co-authored-by: felickz <1760475+felickz@users.noreply.github.com> --- ...http4k.model.yml => http4k-core.model.yml} | 0 .../custom/src/http4k-format-gson.model.yml | 21 +++++++++++ .../src/http4k-format-jackson.model.yml | 21 +++++++++++ .../custom/src/http4k-format-moshi.model.yml | 21 +++++++++++ .../java/custom/src/http4k-format.model.yml | 37 ------------------- 5 files changed, 63 insertions(+), 37 deletions(-) rename languages/java/custom/src/{http4k.model.yml => http4k-core.model.yml} (100%) create mode 100644 languages/java/custom/src/http4k-format-gson.model.yml create mode 100644 languages/java/custom/src/http4k-format-jackson.model.yml create mode 100644 languages/java/custom/src/http4k-format-moshi.model.yml delete mode 100644 languages/java/custom/src/http4k-format.model.yml 
diff --git a/languages/java/custom/src/http4k.model.yml b/languages/java/custom/src/http4k-core.model.yml
similarity index 100%
rename from languages/java/custom/src/http4k.model.yml
rename to languages/java/custom/src/http4k-core.model.yml
diff --git a/languages/java/custom/src/http4k-format-gson.model.yml b/languages/java/custom/src/http4k-format-gson.model.yml
new file mode 100644
index 0000000..cb87109
--- /dev/null
+++ b/languages/java/custom/src/http4k-format-gson.model.yml
@@ -0,0 +1,21 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ # Gson deserialization sinks (untrusted data parsed into objects)
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # Gson: taint propagation through deserialization (input taints output)
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Gson: JSON string parsing
+ - ["org.http4k.format", "ConfigurableGson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/http4k-format-jackson.model.yml b/languages/java/custom/src/http4k-format-jackson.model.yml
new file mode 100644
index 0000000..2fa82f3
--- /dev/null
+++ b/languages/java/custom/src/http4k-format-jackson.model.yml
@@ -0,0 +1,21 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ # Jackson deserialization sinks (untrusted data parsed into objects)
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # Jackson: taint propagation through deserialization (input taints output)
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Jackson: JSON string parsing
+ - ["org.http4k.format", "ConfigurableJackson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/http4k-format-moshi.model.yml b/languages/java/custom/src/http4k-format-moshi.model.yml
new file mode 100644
index 0000000..a2ccc3e
--- /dev/null
+++ b/languages/java/custom/src/http4k-format-moshi.model.yml
@@ -0,0 +1,21 @@
+extensions:
+ - addsTo:
+ pack: codeql/java-all
+ extensible: sinkModel
+ data:
+ # Moshi deserialization sinks (untrusted data parsed into objects)
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: summaryModel
+ data:
+ # Moshi: taint propagation through deserialization (input taints output)
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ # Moshi: JSON string parsing
+ - ["org.http4k.format", "ConfigurableMoshi", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+ - addsTo:
+ pack: codeql/java-all
+ extensible: neutralModel
+ data: []
diff --git a/languages/java/custom/src/http4k-format.model.yml b/languages/java/custom/src/http4k-format.model.yml
deleted file mode 100644
index 53d03bc..0000000
--- a/languages/java/custom/src/http4k-format.model.yml
+++ /dev/null
@@ -1,37 +0,0 @@ -extensions: - - addsTo: - pack: codeql/java-all - extensible: sinkModel - data: - # Jackson deserialization sinks (untrusted data parsed into objects) - - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - # Moshi deserialization sinks - - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - # Gson deserialization sinks - - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "unsafe-deserialization", "manual"] - - addsTo: - pack: codeql/java-all - extensible: summaryModel - data: - # Jackson: taint propagation through deserialization (input taints output) - - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["org.http4k.format", "ConfigurableJackson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - # Jackson: JSON string parsing - - ["org.http4k.format", "ConfigurableJackson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - # Moshi: taint propagation through deserialization - - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["org.http4k.format", "ConfigurableMoshi", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - # Moshi: JSON string parsing - - 
["org.http4k.format", "ConfigurableMoshi", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - # Gson: taint propagation through deserialization - - ["org.http4k.format", "ConfigurableGson", True, "asA", "(String,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - ["org.http4k.format", "ConfigurableGson", True, "asA", "(InputStream,Class)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - # Gson: JSON string parsing - - ["org.http4k.format", "ConfigurableGson", True, "asJsonObject", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"] - - addsTo: - pack: codeql/java-all - extensible: neutralModel - data: []