From 9dbf468808defc44f291bbb6cf043a28e72daaf1 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jack=20N=C3=B8rskov=20J=C3=B8rgensen?=
Date: Fri, 24 Apr 2026 13:31:18 +0200
Subject: [PATCH] Add MaDs for Apache Avro

---
Review notes (this section sits after the three-dash line, so it is not
part of the commit message):

 * The type column of a models-as-data row names a nested type as
   Outer$Inner, the same spelling this patch already uses for Schema$Field
   in the signature column. The following rows were changed from the bare
   inner name to the qualified one:
     Json$ObjectReader, FastReaderBuilder$ExecutionStep,
     FastReaderBuilder$FieldReader, FastReaderBuilder$RecordReader,
     MessageDecoder$BaseDecoder, Schema$Parser (sink and source row).
   NOTE(review): the enclosing types are taken from the Avro API as I know
   it; confirm against the pinned Avro commit before merging.
 * The RandomData.main source row now uses Parameter[0]. Argument[0] in a
   source row marks the caller's argument as tainted after the call, which
   is the out-buffer pattern used by the SeekableInput.read row, not the
   pattern for a method's own incoming parameter.
 * Rows were edited in place, so hunk sizes and the diffstat are unchanged.
   The blob ids on the "index" lines were not recomputed.
 * These files are generator output; codeql-mads-via-llm should emit the
   same spellings, otherwise the next regeneration reverts the fixes.

 .../org.apache.avro.data.model.yml            |  8 ++++
 .../org.apache.avro.file.model.yml            | 38 +++++++++++++++++++
 .../org.apache.avro.generic.model.yml         |  9 +++++
 .../llmgenerator/org.apache.avro.io.model.yml | 11 ++++++
 .../org.apache.avro.message.model.yml         | 20 ++++++++++
 .../llmgenerator/org.apache.avro.model.yml    | 22 +++++++++++
 .../org.apache.avro.reflect.model.yml         | 14 +++++++
 .../org.apache.avro.specific.model.yml        | 13 +++++++
 .../org.apache.avro.util.model.yml            | 13 +++++++
 9 files changed, 148 insertions(+)
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.data.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.generic.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.io.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.message.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.reflect.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.specific.model.yml
 create mode 100644 java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml

diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.data.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.data.model.yml
new file mode 100644
index 000000000000..98b1abf87b42
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.data.model.yml
@@ -0,0 +1,8 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.data", "Json$ObjectReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml
new file mode 100644
index 000000000000..39708e7e9cc3
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml
@@ -0,0 +1,38 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader", True, "DataFileReader", "(File,DatumReader)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader", True, "openReader", "(File,DatumReader)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "appendTo", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "create", "(Schema,File)", "", "Argument[1]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "SeekableFileInput", True, "SeekableFileInput", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File,boolean)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String,boolean)", "", "Argument[0]", "path-injection", "llm-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMeta", "(String)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMetaString", "(String)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "getSchema", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "iterator", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "(Object)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getHeader", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMeta", "(String)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMetaKeys", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMetaString", "(String)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getSchema", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "iterator", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "(Object)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "nextBlock", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "FileReader", True, "getSchema", "()", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "FileReader", True, "next", "(Object)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro.file", "SeekableInput", True, "read", "(byte[],int,int)", "", "Argument[0]", "file", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.generic.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.generic.model.yml
new file mode 100644
index 000000000000..64e0f8ab5f92
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.generic.model.yml
@@ -0,0 +1,9 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.generic", "GenericDatumReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.generic", "GenericDatumReader", True, "read", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.io.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.io.model.yml
new file mode 100644
index 000000000000..929307d172fa
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.io.model.yml
@@ -0,0 +1,11 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.io", "DatumReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.io", "FastReaderBuilder$ExecutionStep", True, "execute", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.io", "FastReaderBuilder$FieldReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.io", "FastReaderBuilder$RecordReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.message.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.message.model.yml
new file mode 100644
index 000000000000..a3c56ceff00f
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.message.model.yml
@@ -0,0 +1,20 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.message", "MessageDecoder$BaseDecoder", True, "decode", "(ByteBuffer)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder$BaseDecoder", True, "decode", "(ByteBuffer,Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder$BaseDecoder", True, "decode", "(InputStream)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder$BaseDecoder", True, "decode", "(byte[])", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder$BaseDecoder", True, "decode", "(byte[],Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "BinaryMessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(ByteBuffer)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(ByteBuffer,Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(InputStream)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(byte[])", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(byte[],Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.message", "RawMessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml
new file mode 100644
index 000000000000..daa3da04ee84
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml
@@ -0,0 +1,22 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro", "Schema$Parser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File,Charset)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path,Charset)", "", "Argument[0]", "path-injection", "llm-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(URI,Charset)", "", "Argument[0]", "request-forgery", "llm-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro", "Schema$Parser", True, "parse", "(File)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "ReturnValue", "file", "llm-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "ReturnValue", "file", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.reflect.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.reflect.model.yml
new file mode 100644
index 000000000000..4a12780d2359
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.reflect.model.yml
@@ -0,0 +1,14 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.reflect", "CustomEncoding", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "read", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readArray", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readBytes", "(Object,Schema,Decoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readField", "(Object,Schema$Field,Object,ResolvingDecoder,Object)", "", "Argument[3]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readInt", "(Object,Schema,Decoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readString", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.specific.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.specific.model.yml
new file mode 100644
index 000000000000..1649e359f3c6
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.specific.model.yml
@@ -0,0 +1,13 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.specific", "SpecificDatumReader", True, "readField", "(Object,Schema$Field,Object,ResolvingDecoder,Object)", "", "Argument[3]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.specific", "SpecificDatumReader", True, "readRecord", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.specific", "SpecificExceptionBase", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.specific", "SpecificFixed", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.specific", "SpecificRecordBase", True, "customDecode", "(ResolvingDecoder)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
+      - ["org.apache.avro.specific", "SpecificRecordBase", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "llm-generated"]
diff --git a/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml
new file mode 100644
index 000000000000..89ad37dfe10b
--- /dev/null
+++ b/java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml
@@ -0,0 +1,13 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.util", "RandomData", True, "main", "(String[])", "", "Argument[0]", "path-injection", "llm-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.util", "RandomData", True, "main", "(String[])", "", "Parameter[0]", "commandargs", "llm-generated"]