Jami Cogswell
c0ebeb9c7b
Java: use AdditionalTaintStep
2025-02-14 13:52:43 -05:00
Anders Schack-Mulligen
d7fbf68a59
Merge pull request #17597 from aschackmull/java/chararraywriter-tostring
...
Java: Add model for CharArrayWriter.toString().
2024-11-12 12:55:44 +01:00
Michael Nebel
404ca27aec
Java: Move non-experimental models out of the experimental folder.
2024-11-11 10:08:45 +01:00
Michael Nebel
3d70f91b9f
Java: Add manual models for various mapToObj methods.
2024-10-23 09:29:15 +02:00
Michael Nebel
d59df1f938
Java: Re-generate JDK 17 models.
2024-10-21 15:19:45 +02:00
Michael Nebel
97f0037a7b
Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname.
2024-10-21 15:19:40 +02:00
Michael Nebel
9a44eec04c
Java: Add manual models for FileReader (they would also have disappeared if models were re-generated without using mixed mode).
2024-10-21 15:19:37 +02:00
Michael Nebel
b356c3cd48
Java: Manually model ZipFile (due to CWE-522 compression bombs test failure).
2024-10-21 15:19:36 +02:00
Michael Nebel
f7b38a8955
Java: Add some less precise models for BasicAttributes to get the models to work with search sink and re-generate SDK models.
2024-10-21 15:19:34 +02:00
Michael Nebel
3b6f39931b
Java: Re-add generated (mixed) summaries and neutrals for the Java SDK 17.
2024-10-21 15:19:28 +02:00
Michael Nebel
f50734f0ee
Java: Delete all generated Java JDK models.
2024-10-21 15:19:27 +02:00
Anders Schack-Mulligen
6081ba5902
Merge pull request #17604 from aschackmull/java/neutral-overrides
...
Java/C#: Add overrides to the interpretation of neutral MaD models.
2024-10-01 14:55:54 +02:00
Anders Schack-Mulligen
222ae6ad2d
Java: Add a neutral for Comparable.compareTo
2024-09-30 15:51:48 +02:00
Anders Schack-Mulligen
fcb677e84d
Java: Add a neutral for Collection.remove.
2024-09-30 15:46:43 +02:00
Anders Schack-Mulligen
38818f3cd2
Java: Adjust Set.clear model to apply to overrides.
2024-09-30 15:46:42 +02:00
Anders Schack-Mulligen
0459d136d3
Java: Remove neutral model for Object.toString.
2024-09-30 15:17:21 +02:00
Anders Schack-Mulligen
1f95fa10fb
Java: Fix comment re. neutrals and WithoutElement.
...
The remove methods should not have been in this section, as they're
plain neutrals.
2024-09-30 15:08:56 +02:00
Anders Schack-Mulligen
fb630d266e
Java: Add a couple of neutrals
2024-09-27 15:24:06 +02:00
Anders Schack-Mulligen
2d76752ca0
Java: Add model for CharArrayWriter.toString().
2024-09-27 11:28:20 +02:00
Mauro Baluda
cab35a25a5
Remove duplicate summary for MultipartFile.getInputStream and update .expected file
2024-09-18 20:43:04 +02:00
Mauro Baluda
5ae51f0b56
Address review
2024-09-18 19:28:03 +02:00
Mauro Baluda
cfa14ad5eb
Update org.springframework.core.io.model.yml
...
Model summary for `getInputStream` methods
2024-09-18 18:13:29 +02:00
Michael Nebel
bd5529cefa
Java: Update the Byte- and CharBuffer models and add models for set- and getParameters on LogRecord.
2024-08-28 16:15:09 +02:00
Michael Nebel
d79aa294ec
Java: Move some neutrals into the model.yml file (they have previously been ignored due to wrong file extension).
2024-08-27 13:28:09 +02:00
Michael Nebel
db51604f46
Java: Promote some generated models and add some manual neutrals.
2024-08-27 13:28:05 +02:00
Chris Smowton
15989ce213
Merge pull request #14089 from am0o0/amammad-java-JWT
...
Java: JWT decoding without verification
2024-08-21 14:14:08 +01:00
am0o0
d88b310b0e
add getCredentials method of AuthenticationToken as a remote source
2024-08-16 15:41:19 +02:00
Chris Smowton
95e504a5ff
Merge branch 'main' into am0o0-java-PathInjection
2024-08-05 11:41:25 +01:00
Jami
4fb29c4473
Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks
2024-07-31 08:15:07 -04:00
Jami
ff9093f2de
Merge branch 'main' into jcogs33/java/add-apache-ant-path-inj-sinks
2024-07-26 08:54:27 -04:00
Jami Cogswell
eea3e82cca
Java: fix 'regex-use' comments
2024-07-25 10:39:03 -04:00
Owen Mansel-Chan
3edeb82d5b
Add comment by models using regex-use sink kind
2024-07-23 21:40:45 +01:00
Jami Cogswell
f3e5b55cc4
Java: add path injection sinks for Property.setFile and Property.setResource
2024-07-19 18:04:17 -04:00
Ed Minnix
0990a370c7
Convert QL classes for Lastaflute to MaD
2024-07-18 17:41:06 -04:00
Ed Minnix
3bd330423d
Add some models for the org.lastaflute.web library
...
Methods annotated `@Execute` are handlers for URLs. Therefore, the
parameters of the methods annotated with the
`org.lastaflute.web.Execute` annotation are likely either URL parameters
or forms.
2024-07-18 17:41:00 -04:00
Jami
a73170df49
Merge branch 'main' into jcogs33/add-toByteArray-summaries
2024-07-16 10:46:36 -04:00
Anders Schack-Mulligen
12d6875cc4
Java: Replace the MaD Object.clone() models with a non-aliasing value step.
2024-07-16 11:11:50 +02:00
Jami
b70a4c839c
Merge branch 'main' into jcogs33/add-toByteArray-summaries
2024-07-15 12:35:05 -04:00
Jami Cogswell
cd82ada239
Java: add manual models for all overloads of IOUtils.toByteArray
2024-07-15 12:12:31 -04:00
am0o0
1d1c476674
update tests and use TaintFlowTestArgString
...
add stubs
add missed sink models
2024-07-13 16:58:51 +02:00
Jami Cogswell
77a8ba934c
Java: add path-injection sink for hudson.FilePath.exists()
2024-07-11 15:03:40 -04:00
Jami Cogswell
4a1497f367
Java: add IOUtils.toByteArray(InputStream) summary
2024-07-11 13:33:08 -04:00
am0o0
7e5f2e2a48
experimentalSinkModel to sinkModel, remove one path injection sink that already existed before
2024-07-03 08:55:12 +02:00
Jami
901245ae3d
Merge branch 'main' into jcogs33/unsafe-url-forward-promotion-resource-and-file-methods
2024-06-26 21:57:07 -04:00
Mauro Baluda
29e3816412
Apply suggestions from code review
...
Address review comments
Co-authored-by: Tony Torralba <atorralba@users.noreply.github.com>
2024-06-11 12:05:14 +02:00
Mauro Baluda
1d44f45be2
Update org.apache.commons.io.model.yml
2024-06-10 12:03:57 +02:00
Mauro Baluda
71505f4003
Added more org.apache.commons.io.FileUtils-related sinks to the path injection query.
2024-06-10 11:29:51 +02:00
am0o0
412472e9a4
add zip4j
2024-06-08 01:14:04 +02:00
am0o0
ceea475c45
add new s3 and spring IO path injection sinks
2024-06-08 01:04:20 +02:00
Tony Torralba
f16dd8c010
Apply code review suggestions.
2024-06-04 10:35:11 +02:00