hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 09:13:20 +01:00
Code Issues Packages Projects Releases Wiki Activity
84,540 Commits 1,671 Branches 157 Tags
codeql-cli-2.23.8
Commit Graph

42 Commits

Author SHA1 Message Date
Michael Nebel
97f0037a7b Java: Manually model InetSocketAddress as the model generator doesn't correctly taint the hostname. 2024-10-21 15:19:40 +02:00
Michael Nebel
db51604f46 Java: Promote some generated models and add some manual neutrals. 2024-08-27 13:28:05 +02:00
Tony Torralba
7a0446740b Update java/ql/lib/ext/java.net.model.yml 
Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
 2024-03-27 09:09:48 +01:00
Tony Torralba
d786ea90a4 Java: Add more neutrals 
Adds more neutral models to help the model generator ignore certain callables.

Also improves the precision of certain URL models by using synthetic fields so that the parts of a URL are tainted separately.
 2024-03-26 17:31:11 +01:00
Owen Mansel-Chan
23a58a0835 Add df-manual models related to existing df-manual models 2024-03-17 14:21:05 +00:00
Tony Torralba
eecab9122a Recognize the model generator involvement in the models' provenances 2024-03-14 08:56:23 +01:00
Tony Torralba
039bea1625 Java: Add more neutral JDK models 
This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.
 2024-03-13 16:59:38 +01:00
Max Schaefer
705a377060 Address review comments. 2024-02-06 12:54:29 +00:00
Max Schaefer
ab6cea14c8 Fix missing quotes. 2024-01-31 11:49:25 +00:00
Max Schaefer
6c6f402fa5 Merge branch 'main' into java/update-mad-decls-after-triage-2024-01-31T11-16-45 2024-01-31 11:29:33 +00:00
Max Schaefer
ad8038bade Update MaD Declarations after Triage 2024-01-31 11:28:10 +00:00
Max Schaefer
13f0df3588 Add two more models. 2024-01-25 15:00:22 +00:00
Max Schaefer
5235291919 Add models for overloads of DatagramPacket constructor 2024-01-25 14:49:05 +00:00
Tony Torralba
1b9f59efa7 Merge pull request #14646 from github/java/update-mad-decls-after-triage-2023-10-31T15-52-01 
Java: Update MaD Declarations after Triage
 2023-12-20 15:37:19 +01:00
Tony Torralba
107a05af71 Update MaD Declarations after Triage 2023-10-31 16:52:02 +01:00
Ed Minnix
02c98fae5f Use hq-generated provenance 2023-10-25 14:31:55 -04:00
Ed Minnix
a85df81b67 Rename sink kind to "credentials-username" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
0612b3795a Rename sink kind to "credentials-password" to match naming convention 2023-10-25 14:31:54 -04:00
Ed Minnix
6b94b77a0a Remove spaces in sig field of models 2023-10-25 14:31:53 -04:00
Ed Minnix
f783ca7940 Fix credential-username 2023-10-25 14:31:53 -04:00
Ed Minnix
35e19eac96 Fix password models 2023-10-25 14:31:53 -04:00
Ed Minnix
49218cdbfb Credential-username models 2023-10-25 14:31:53 -04:00
Ed Minnix
66486b08dc Password models 2023-10-25 14:31:53 -04:00
Stephan Brandauer
4391799b7e Merge pull request #13403 from github/java/update-mad-decls-after-triage-2023-06-08T08-51-47 
Java: Update MaD Declarations after Triage
 2023-07-13 11:15:41 +02:00
Tony Torralba
d07e2862f9 Java: Add URL.toString summary 
This adds coverage for CVE-2023-35149.
 2023-06-22 17:39:30 +02:00
Stephan Brandauer
8f697ac1ee Java: fix broken MaD export format 2023-06-08 12:02:50 +02:00
Stephan Brandauer
bda938c544 Update MaD Declarations after Triage 2023-06-08 10:51:48 +02:00
Jami Cogswell
5dbb698481 Java: update open/jdbc-url sink kinds to request-forgery 2023-05-31 15:50:31 -04:00
Michael Nebel
169d8d5cf9 Java: All ai-generated models have been manually verified. 2023-04-13 09:21:06 +02:00
Tony Torralba
d58d6fe6be Update java/ql/lib/ext/java.net.model.yml 2023-04-06 13:58:13 +02:00
Tony Torralba
cdb3d9ea5a Apply suggestions from code review 2023-04-06 12:23:50 +02:00
Stephan Brandauer
18801b39c6 Update MaD Declarations after Triage 2023-04-06 12:23:50 +02:00
Stephan Brandauer
12bb0d98c0 move toFile back to its original location 2023-03-20 17:09:48 +01:00
Stephan Brandauer
2236db43ec sort the changed MaD declarations 2023-03-20 17:09:46 +01:00
Stephan Brandauer
ec1762e015 Update MaD Declarations after Triage 2023-03-20 17:06:37 +01:00
Michael Nebel
e86f1e4961 Java: Replace Argument[-1] with Argument[this]. 2023-03-20 10:14:20 +01:00
Stephan Brandauer
ccf7d9beec Update MaD Declarations after Triage 2023-03-14 10:32:19 +01:00
Tony Torralba
4a9f63ea1a Fix toASCIIString casing 2023-02-27 09:32:42 +01:00
Alvaro Muñoz
f393a3c549 Add toExternalForm 2023-02-24 18:50:31 +01:00
Alvaro Muñoz
f1d765aa27 Missing taintstep for java.net.URL.toURI() 2023-02-24 18:45:52 +01:00
Michael Nebel
bc02adb400 Java: Make the corresponding rename in all the data extensions. 2022-12-14 13:48:31 +01:00
Michael Nebel
9cb5ff1cdc Java: Add data extensions for all manual models. 2022-11-28 12:30:34 +01:00