Add MaDs for Apache Avro

csharp/ql/lib/qlpack.yml

@@ -16,6 +16,6 @@ dependencies:
   codeql/xml: ${workspace}
 dataExtensions:
   - ext/*.model.yml
-  - ext/generated/*.model.yml
+  - ext/generated/**/*.model.yml
 warnOnImplicitThis: true
 compileForOverlayEval: true

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.data.model.yml

@@ -0,0 +1,8 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.data", "ObjectReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.file.model.yml

@@ -0,0 +1,38 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader", True, "DataFileReader", "(File,DatumReader)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader", True, "openReader", "(File,DatumReader)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "appendTo", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileWriter", True, "create", "(Schema,File)", "", "Argument[1]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SeekableFileInput", True, "SeekableFileInput", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(File,boolean)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro.file", "SyncableFileOutputStream", True, "SyncableFileOutputStream", "(String,boolean)", "", "Argument[0]", "path-injection", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMeta", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "getMetaString", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "getSchema", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "iterator", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileReader12", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getHeader", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMeta", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMetaKeys", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getMetaString", "(String)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "getSchema", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "iterator", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "DataFileStream", True, "nextBlock", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "FileReader", True, "getSchema", "()", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "FileReader", True, "next", "(Object)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro.file", "SeekableInput", True, "read", "(byte[],int,int)", "", "Argument[0]", "file", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.generic.model.yml

@@ -0,0 +1,9 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.generic", "GenericDatumReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.generic", "GenericDatumReader", True, "read", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.io.model.yml

@@ -0,0 +1,11 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.io", "DatumReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.io", "ExecutionStep", True, "execute", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.io", "FieldReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.io", "RecordReader", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.message.model.yml

@@ -0,0 +1,20 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.message", "BaseDecoder", True, "decode", "(ByteBuffer)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "BaseDecoder", True, "decode", "(ByteBuffer,Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "BaseDecoder", True, "decode", "(InputStream)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "BaseDecoder", True, "decode", "(byte[])", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "BaseDecoder", True, "decode", "(byte[],Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "BinaryMessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(ByteBuffer)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(ByteBuffer,Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(InputStream)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(byte[])", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "MessageDecoder", True, "decode", "(byte[],Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.message", "RawMessageDecoder", True, "decode", "(InputStream,Object)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.model.yml

@@ -0,0 +1,22 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro", "Parser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(File,Charset)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(Path,Charset)", "", "Argument[0]", "path-injection", "ai-generated"]
+      - ["org.apache.avro", "SchemaParser", True, "parse", "(URI,Charset)", "", "Argument[0]", "request-forgery", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro", "Parser", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "Protocol", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]
+      - ["org.apache.avro", "Schema", True, "parse", "(File)", "", "ReturnValue", "file", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.reflect.model.yml

@@ -0,0 +1,14 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.reflect", "CustomEncoding", True, "read", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "read", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readArray", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readBytes", "(Object,Schema,Decoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readField", "(Object,Schema$Field,Object,ResolvingDecoder,Object)", "", "Argument[3]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readInt", "(Object,Schema,Decoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.reflect", "ReflectDatumReader", True, "readString", "(Object,Decoder)", "", "Argument[1]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.specific.model.yml

@@ -0,0 +1,13 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.specific", "SpecificDatumReader", True, "readField", "(Object,Schema$Field,Object,ResolvingDecoder,Object)", "", "Argument[3]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.specific", "SpecificDatumReader", True, "readRecord", "(Object,Schema,ResolvingDecoder)", "", "Argument[2]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.specific", "SpecificExceptionBase", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.specific", "SpecificFixed", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.specific", "SpecificRecordBase", True, "customDecode", "(ResolvingDecoder)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]
+      - ["org.apache.avro.specific", "SpecificRecordBase", True, "readExternal", "(ObjectInput)", "", "Argument[0]", "unsafe-deserialization", "ai-generated"]

java/ql/lib/ext/generated/llmgenerator/org.apache.avro.util.model.yml

@@ -0,0 +1,13 @@
+# THIS FILE IS AN AUTO-GENERATED MODELS AS DATA FILE. DO NOT EDIT.
+# Generated from https://github.com/apache/avro.git#79017ee391c04f60bdffd5fecf9ecc27c1b1f420 by codeql-mads-via-llm
+extensions:
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sinkModel
+    data:
+      - ["org.apache.avro.util", "RandomData", True, "main", "(String[])", "", "Argument[0]", "path-injection", "ai-generated"]
+  - addsTo:
+      pack: codeql/java-all
+      extensible: sourceModel
+    data:
+      - ["org.apache.avro.util", "RandomData", True, "main", "(String[])", "", "Argument[0]", "commandargs", "ai-generated"]