hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-19 10:23:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,671 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

4170 Commits

Author SHA1 Message Date
Ed Minnix
855d96db66 Remove extra models 2023-10-25 14:31:55 -04:00
Ed Minnix
d85284da55 Update change note file date 2023-10-25 14:31:55 -04:00
Ed Minnix
02c98fae5f Use hq-generated provenance 2023-10-25 14:31:55 -04:00
Ed Minnix
1ad06f3293 Add missing GaloisCounterMode model 2023-10-25 14:31:55 -04:00
Ed Minnix
9c15cf18e8 Refactor deprecated predicates to use new classes 
Modified the predicates in `SensitiveApi` to rely on the new classes
which are using models as data. This allows us to remove the old
predicates containing the pre-MaD versions of the models.
 2023-10-25 14:31:55 -04:00
Ed Minnix
3b0b5e403c Replace crypto-parameter with credentials-key 2023-10-25 14:31:55 -04:00
Ed Minnix
a2bcc97a74 Remove CipherBlockChaining#init 2023-10-25 14:31:55 -04:00
Ed Minnix
743814a234 Delete private methods 2023-10-25 14:31:55 -04:00
Ed Minnix
c2d072e3f8 Remove redundant Cipher init methods 
Remove redundant `init` methods which are overriding `FeedbackCipher`
and `SymmetricCipher`.
 2023-10-25 14:31:54 -04:00
Ed Minnix
22d968fba3 Delete private methods 2023-10-25 14:31:54 -04:00
Ed Minnix
31b069041f Initialization vector models 2023-10-25 14:31:54 -04:00
Ed Minnix
a8eb95a688 Remove redundant engineUnwrap method models 
Most implementations of `engineUnwrap` are overriding the method from
`javax.crypto.CipherSpi`. Therefore, these models can be compressed into
a single model.
 2023-10-25 14:31:54 -04:00
Ed Minnix
64d23d4f9b Delete private methods 2023-10-25 14:31:54 -04:00
Ed Minnix
5b2d226c35 Remove unneeded models 2023-10-25 14:31:54 -04:00
Ed Minnix
1edca19419 Remove redundant KeyStoreSpi models 
`java.security.KeyStoreSpi` is an abstract class. This removes its
subclasses' models, and instead uses model-as-data's capability to use
subclasses.
 2023-10-25 14:31:54 -04:00
Edward Minnix III
72a1289eba Rename class to CredentialsSinkNode to better align with naming convention 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:54 -04:00
Ed Minnix
a85df81b67 Rename sink kind to "credentials-username" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
0612b3795a Rename sink kind to "credentials-password" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
3ee0fa9bc4 Add deprecation messages 2023-10-25 14:31:54 -04:00
Ed Minnix
b77b3763be Fix com.amazonaws.auth models 2023-10-25 14:31:54 -04:00
Ed Minnix
8eeb861963 ch.ethz.ssh2 fixes 2023-10-25 14:31:54 -04:00
Edward Minnix III
2f53adf2c2 Fix typo 
Co-authored-by: Jami <57204504+jcogs33@users.noreply.github.com>
 2023-10-25 14:31:54 -04:00
Ed Minnix
dbb5aa9aad Change note 2023-10-25 14:31:54 -04:00
Ed Minnix
083a5068c3 Remove unnecessary models 2023-10-25 14:31:53 -04:00
Ed Minnix
886c85ddc1 Fix net.schmizz.sshj models 2023-10-25 14:31:53 -04:00
Ed Minnix
ee6cb96d07 Add a superclass for credential nodes 2023-10-25 14:31:53 -04:00
Ed Minnix
3219edc603 Change credential-other to more appropriate sink kinds 2023-10-25 14:31:53 -04:00
Ed Minnix
6b94b77a0a Remove spaces in sig field of models 2023-10-25 14:31:53 -04:00
Ed Minnix
f8c3b2977a Fix credential-other 2023-10-25 14:31:53 -04:00
Ed Minnix
f783ca7940 Fix credential-username 2023-10-25 14:31:53 -04:00
Ed Minnix
96d6ecb108 Fix crypto parameters 2023-10-25 14:31:53 -04:00
Ed Minnix
35e19eac96 Fix password models 2023-10-25 14:31:53 -04:00
Ed Minnix
4f8908106b Refactor HardcodedCredentials to use new SensitiveApi api 2023-10-25 14:31:53 -04:00
Ed Minnix
f7c07d55ed Credential-other sinks 2023-10-25 14:31:53 -04:00
Ed Minnix
49218cdbfb Credential-username models 2023-10-25 14:31:53 -04:00
Ed Minnix
18661eee77 Crypto-parameter models 2023-10-25 14:31:53 -04:00
Ed Minnix
66486b08dc Password models 2023-10-25 14:31:53 -04:00
Ed Minnix
4aec302fb7 Create new sink kinds 2023-10-25 14:31:53 -04:00
Anders Schack-Mulligen
283d6efdf8 Rangeanalysis/Java/C++: Address some ql4ql findings. 2023-10-25 14:06:35 +02:00
Jami
53d92d58fc Merge pull request #14581 from jcogs33/jcogs33/add-internal-to-model-exclusions 
Java: exclude internal packages globally from MaD models
 2023-10-25 08:04:03 -04:00
Anders Schack-Mulligen
2592c94c54 Java: Replace range analysis with shared version. 2023-10-25 11:29:55 +02:00
Anders Schack-Mulligen
36082808d3 Java: Implement shared range analysis signatures. 2023-10-25 11:29:55 +02:00
Marcono1234
bf20b8e5a5 Kotlin: Mention Literal::getLiteral() difference from source code 
It appears the Kotlin extractor does not have access to the actual
string representation in the source code, and for most literal types
uses simply the represented value also as `getLiteral` result, see
https://github.com/github/codeql/blob/codeql-cli/v2.15.1/java/kotlin-extractor/src/main/kotlin/KotlinFileExtractor.kt#L4443
 2023-10-25 02:04:54 +02:00
Dave Bartolomeo
5fd56ce866 Alternate threat model implementation 2023-10-24 13:12:37 -04:00
Jami Cogswell
121fd0896b Java: exclude internal packages in general from models 2023-10-24 12:49:49 -04:00
Tony Torralba
9f7a8aa18c Update MaD Declarations after Triage 2023-10-24 17:42:03 +02:00
Chris Smowton
30610c9a3f Temporarily de-deprecate SuperMethodAccess to accommodate private tests 2023-10-24 16:05:52 +01:00
Chris Smowton
4205f1bd03 Temporarily un-deprecate MethodAccess to decouple from private tests 2023-10-24 14:03:26 +01:00
Chris Smowton
06238dd5f6 Improve reflective class names 2023-10-24 13:29:32 +01:00
Chris Smowton
011666b48c Fix description and improve predicate name of VarWrite. 2023-10-24 12:59:57 +01:00