2962 Commits

Author	SHA1	Message	Date
Edward Minnix III	72a1289eba	Rename class to CredentialsSinkNode to better align with naming convention ... Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-10-25 14:31:54 -04:00
Ed Minnix	a85df81b67	Rename sink kind to "credentials-username" to match naming convention	2023-10-25 14:31:54 -04:00
Ed Minnix	0612b3795a	Rename sink kind to "credentials-password" to match naming convention	2023-10-25 14:31:54 -04:00
Ed Minnix	3ee0fa9bc4	Add deprecation messages	2023-10-25 14:31:54 -04:00
Edward Minnix III	2f53adf2c2	Fix typo ... Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>	2023-10-25 14:31:54 -04:00
Ed Minnix	ee6cb96d07	Add a superclass for credential nodes	2023-10-25 14:31:53 -04:00
Ed Minnix	4f8908106b	Refactor HardcodedCredentials to use new SensitiveApi api	2023-10-25 14:31:53 -04:00
Ed Minnix	4aec302fb7	Create new sink kinds	2023-10-25 14:31:53 -04:00
Anders Schack-Mulligen	283d6efdf8	Rangeanalysis/Java/C++: Address some ql4ql findings.	2023-10-25 14:06:35 +02:00
Jami	53d92d58fc	Merge pull request #14581 from jcogs33/jcogs33/add-internal-to-model-exclusions ... Java: exclude internal packages globally from MaD models	2023-10-25 08:04:03 -04:00
Anders Schack-Mulligen	2592c94c54	Java: Replace range analysis with shared version.	2023-10-25 11:29:55 +02:00
Anders Schack-Mulligen	36082808d3	Java: Implement shared range analysis signatures.	2023-10-25 11:29:55 +02:00
Marcono1234	bf20b8e5a5	Kotlin: Mention Literal::getLiteral() difference from source code ... It appears the Kotlin extractor does not have access to the actual string representation in the source code, and for most literal types uses simply the represented value also as `getLiteral` result, see https://github.com/github/codeql/blob/codeql-cli/v2.15.1/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt#L4443	2023-10-25 02:04:54 +02:00
Dave Bartolomeo	5fd56ce866	Alternate threat model implementation	2023-10-24 13:12:37 -04:00
Jami Cogswell	121fd0896b	Java: exclude internal packages in general from models	2023-10-24 12:49:49 -04:00
Chris Smowton	30610c9a3f	Temporarily de-deprecate SuperMethodAccess to accommodate private tests	2023-10-24 16:05:52 +01:00
Chris Smowton	4205f1bd03	Temporarily un-deprecate MethodAccess to decouple from private tests	2023-10-24 14:03:26 +01:00
Chris Smowton	06238dd5f6	Improve reflective class names	2023-10-24 13:29:32 +01:00
Chris Smowton	011666b48c	Fix description and improve predicate name of VarWrite.	2023-10-24 12:59:57 +01:00
Chris Smowton	ede17585a6	Amend NewClassExpr description ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-10-24 12:51:42 +01:00
Chris Smowton	e3edea2a5f	Apply simple suggestions from code review ... Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>	2023-10-24 12:51:03 +01:00
Chris Smowton	3627eb2bcf	Add missing qldoc	2023-10-24 11:15:08 +01:00
Chris Smowton	e8c9708282	Autoformat	2023-10-24 11:06:19 +01:00
Chris Smowton	09e83d1173	Fix isEnclosingMethodAccess wrapper	2023-10-24 11:03:57 +01:00
Chris Smowton	ac38d4c9c6	Mass rename L/RValue -> VarWrite/Read	2023-10-24 10:58:29 +01:00
Chris Smowton	59a49eef0b	Add aliases for public, importable renamed classes and predicates. ... Also rename and aliases a couple of uses of Access noted along the way.	2023-10-24 10:54:35 +01:00
Chris Smowton	f552a15aae	Mass-rename MethodAccess -> MethodCall	2023-10-24 10:30:26 +01:00
Chris Smowton	a10731c591	Java: introduce more-intuitive names for ClassInstanceExpr, L/RValue and MethodAccess.	2023-10-24 09:38:49 +01:00
Dave Bartolomeo	bd7de83aab	Use extension packs for threat models	2023-10-19 17:07:26 -04:00
Tony Torralba	da44b13fd4	Merge pull request #14515 from atorralba/atorralba/java/spring-csrf-improv ... Java: Improve java/spring-disabled-csrf-protection	2023-10-18 17:49:10 +02:00
Edward Minnix III	15afc3ed64	Merge pull request #14491 from egregius313/egregius313/java/mad/convert-iv ... Java: Refactor `java/static-initialization-vector` to use Models as Data	2023-10-17 13:15:45 -04:00
Ed Minnix	8ed5bfb27d	Remove reference to DataFlow2	2023-10-17 10:59:36 -04:00
Edward Minnix III	21bea38ec8	Merge pull request #14472 from egregius313/egregius313/sync-local-and-remote-queries ... Java: Synchronize `*Local` versions of queries with their remote counterpart	2023-10-16 10:31:40 -04:00
Ed Minnix	c65d407937	Remove old DataFlow2 import	2023-10-16 10:30:00 -04:00
Tony Torralba	d08ee76b16	Java: Improve java/spring-disabled-csrf-protection	2023-10-16 16:01:14 +02:00
Ed Minnix	3356261031	Static IV refactor to MaD	2023-10-13 12:50:49 -04:00
Tony Torralba	0cea3f8531	Remove library annotations	2023-10-13 12:46:56 +02:00
Ed Minnix	4eeaf84133	Sync NumericCastTaintedQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	ec84f072eb	Sync ArithmeticTaintedLocalQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	da933fb77a	Sync ExternallyControlledFormatStringLocalQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	f1886320e5	Sync ImproperValidationOfArrayIndexLocalQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	69531b9f7c	Sync ResponseSplittingLocalQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	ef282955fd	Sync SqlTaintedLocalQuery with SqlInjectionQuery	2023-10-12 09:58:08 -04:00
Ed Minnix	e4f567979a	Sync XSS Local	2023-10-12 09:58:08 -04:00
Michael Nebel	5c44f8bbad	Merge pull request #14370 from michaelnebel/java/enablethreatmodels ... Java: Enable threat models for most Java queries.	2023-10-10 09:25:47 +02:00
Erik Krogh Kristensen	4489e2bf28	Merge pull request #14403 from erik-krogh/dDEps ... All: delete outdated deprecations	2023-10-09 21:04:55 +02:00
Michael Nebel	cf3a62d201	Java: Address review comments.	2023-10-09 13:06:59 +02:00
Anders Schack-Mulligen	4a0ab4a050	Merge pull request #14402 from Marcono1234/marcono1234/MemberRefExpr-getReceiverExpr ... Java: Add predicate `MemberRefExpr::getReceiverExpr`	2023-10-09 13:01:36 +02:00
erik-krogh	e3e8f3d7c4	Java: delete various outdated deprecations	2023-10-09 09:14:54 +02:00
erik-krogh	0d992a3d1f	delete old deprecated aliases of various regex libraries	2023-10-09 09:14:54 +02:00