Expand CI Pipeline (#59)

Add cached LLM files for new CVEs, update CI CodeQL version to 2.15.2, update to_build.json to expand CI to three new CVEs.

Author: IcebladeLabs

.github/cached_output/OWASP__json-sanitizer_CVE-2020-13973_1.2.0/llm_labelled_sink_apis.json

@@ -0,0 +1 @@
+[]

.github/cached_output/OWASP__json-sanitizer_CVE-2020-13973_1.2.0/llm_labelled_source_apis.json

@@ -0,0 +1 @@
+[]

.github/cached_output/OWASP__json-sanitizer_CVE-2020-13973_1.2.0/llm_labelled_source_func_params.json

@@ -0,0 +1,20 @@
+[
+  {
+    "package": "com.google.json",
+    "class": "EvalMinifier",
+    "method": "minify",
+    "signature": "String minify(String jsonish)",
+    "tainted_input": [
+      "jsonish"
+    ]
+  },
+  {
+    "package": "com.google.json",
+    "class": "JsonSanitizer",
+    "method": "sanitize",
+    "signature": "String sanitize(String jsonish)",
+    "tainted_input": [
+      "jsonish"
+    ]
+  }
+]

.github/cached_output/OWASP__json-sanitizer_CVE-2020-13973_1.2.0/llm_labelled_taint_prop_apis.json

@@ -0,0 +1,130 @@
+[
+  {
+    "package": "java.lang",
+    "class": "CharSequence",
+    "method": "toString",
+    "signature": "String toString()",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "append",
+    "signature": "StringBuilder append(String p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "append",
+    "signature": "StringBuilder append(char p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "append",
+    "signature": "StringBuilder append(CharSequence p0, int p1, int p2)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "insert",
+    "signature": "StringBuilder insert(int p0, char p1)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "StringBuilder",
+    "signature": "StringBuilder(String p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "toString",
+    "signature": "String toString()",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "String",
+    "method": "substring",
+    "signature": "String substring(int p0, int p1)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "append",
+    "signature": "StringBuilder append(int p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "AbstractStringBuilder",
+    "method": "substring",
+    "signature": "String substring(int p0, int p1)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "insert",
+    "signature": "StringBuilder insert(int p0, String p1)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "String",
+    "method": "getBytes",
+    "signature": "byte[] getBytes(String p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "Appendable",
+    "method": "append",
+    "signature": "Appendable append(char p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "String",
+    "method": "format",
+    "signature": "String format(Locale p0, String p1, Object[] p2)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "String",
+    "method": "format",
+    "signature": "String format(String p0, Object[] p1)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  },
+  {
+    "package": "java.lang",
+    "class": "StringBuilder",
+    "method": "appendCodePoint",
+    "signature": "StringBuilder appendCodePoint(int p0)",
+    "sink_args": [],
+    "type": "taint-propagator"
+  }
+]

.github/cached_output/jenkinsci__docker-commons-plugin_CVE-2022-20617_1.17/llm_labelled_sink_apis.json

@@ -0,0 +1,213 @@
+[
+  {
+    "package": "com.cloudbees.plugins.credentials.domains",
+    "class": "HostnameRequirement",
+    "method": "HostnameRequirement",
+    "signature": "HostnameRequirement(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "java.util.logging",
+    "class": "Logger",
+    "method": "log",
+    "signature": "void log(Level p0, String p1, Throwable p2)",
+    "sink_args": [
+      "p1"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "java.lang",
+    "class": "Boolean",
+    "method": "getBoolean",
+    "signature": "boolean getBoolean(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "java.io",
+    "class": "File",
+    "method": "exists",
+    "signature": "boolean exists()",
+    "type": "sink",
+    "sink_args": [
+      "this"
+    ]
+  },
+  {
+    "package": "org.apache.commons.io",
+    "class": "FileUtils",
+    "method": "writeStringToFile",
+    "signature": "void writeStringToFile(File p0, String p1, String p2)",
+    "sink_args": [
+      "p1"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson",
+    "class": "FilePath",
+    "method": "write",
+    "signature": "void write(String p0, String p1)",
+    "sink_args": [
+      "p0",
+      "p1"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "com.cloudbees.plugins.credentials.domains",
+    "class": "URIRequirementBuilder",
+    "method": "fromUri",
+    "signature": "URIRequirementBuilder fromUri(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson",
+    "class": "ProcStarter",
+    "method": "cmds",
+    "signature": "ProcStarter cmds(ArgumentListBuilder p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson.util",
+    "class": "ArgumentListBuilder",
+    "method": "add",
+    "signature": "ArgumentListBuilder add(Object p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson.util",
+    "class": "ArgumentListBuilder",
+    "method": "add",
+    "signature": "ArgumentListBuilder add(String p0, boolean p1)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson.util",
+    "class": "ArgumentListBuilder",
+    "method": "ArgumentListBuilder",
+    "signature": "ArgumentListBuilder(String[] p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson.model",
+    "class": "Node",
+    "method": "createPath",
+    "signature": "FilePath createPath(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson",
+    "class": "FilePath",
+    "method": "copyFrom",
+    "signature": "void copyFrom(URL p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson.model",
+    "class": "TaskListener",
+    "method": "error",
+    "signature": "PrintWriter error(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "org.jenkinsci.plugins.workflow.job",
+    "class": "WorkflowJob",
+    "method": "scheduleBuild2",
+    "signature": "QueueTaskFuture<WorkflowRun> scheduleBuild2(int p0, Action[] p1)",
+    "type": "sink",
+    "sink_args": [
+      "p1"
+    ]
+  },
+  {
+    "package": "java.lang",
+    "class": "Class",
+    "method": "getResourceAsStream",
+    "signature": "InputStream getResourceAsStream(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "org.jvnet.hudson.test",
+    "class": "JenkinsRule",
+    "method": "submit",
+    "signature": "HtmlPage submit(HtmlForm p0)",
+    "type": "sink",
+    "sink_args": [
+      "p0"
+    ]
+  },
+  {
+    "package": "org.jvnet.hudson.test",
+    "class": "WebClient",
+    "method": "goTo",
+    "signature": "HtmlPage goTo(String p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "java.io",
+    "class": "File",
+    "method": "list",
+    "signature": "String[] list()",
+    "type": "sink",
+    "sink_args": [
+      "this"
+    ]
+  },
+  {
+    "package": "org.apache.commons.io",
+    "class": "FileUtils",
+    "method": "write",
+    "signature": "void write(File p0, CharSequence p1)",
+    "sink_args": [
+      "p1"
+    ],
+    "type": "sink"
+  },
+  {
+    "package": "hudson",
+    "class": "ProcStarter",
+    "method": "cmds",
+    "signature": "ProcStarter cmds(String[] p0)",
+    "sink_args": [
+      "p0"
+    ],
+    "type": "sink"
+  }
+]