hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-18 09:43:15 +01:00
Code Issues Packages Projects Releases Wiki Activity
79,003 Commits 1,672 Branches 157 Tags
ginsbach/NewOverlayLocalJavaRebase
Commit Graph

4305 Commits

Author SHA1 Message Date
Owen Mansel-Chan
7371f5e508 Provenance should be "df-manual" 2024-03-19 13:33:49 +00:00
Michael Nebel
70c6744944 Java/Go/Swift: Sync changes. 2024-03-19 14:20:43 +01:00
Tom Hvitved
a6c147134a Java: Switch to shared XML.qll implementation 2024-03-19 13:15:45 +01:00
Tom Hvitved
fc55567d90 Merge pull request #15853 from hvitved/dataflow/get-location 
Data flow: Replace `hasLocationInfo` with `getLocation`
 2024-03-18 20:21:46 +01:00
Owen Mansel-Chan
764e99bda7 Fix model for java.util.Scanner#findall(String) 
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2024-03-18 16:56:20 +00:00
github-actions[bot]
aebe9f6992 Post-release preparation for codeql-cli-2.16.5 2024-03-18 12:16:26 +00:00
Owen Mansel-Chan
7fb05f4a76 Fix duplicate "df-" in "df-df-manual" 2024-03-18 11:17:55 +00:00
github-actions[bot]
0a6243d07b Release preparation for version 2.16.5 2024-03-18 10:14:07 +00:00
Jami Cogswell
658fffeac1 Java: remove experimental files 2024-03-17 22:03:59 -04:00
Owen Mansel-Chan
754d4cd959 Fix model provenance to df-manual 2024-03-17 14:36:47 +00:00
Owen Mansel-Chan
23a58a0835 Add df-manual models related to existing df-manual models 2024-03-17 14:21:05 +00:00
Owen Mansel-Chan
fc367042ef Fix df-manual model with wrong parameter type 2024-03-17 14:21:01 +00:00
Jami Cogswell
55f7369df0 Java: performance fix 2024-03-15 14:06:36 -04:00
Owen Mansel-Chan
8e52483beb Add df-manual models in manually modeled classes 2024-03-15 10:10:23 +00:00
Owen Mansel-Chan
2bd08838d4 Add manual neutral models for java.lang.ClassLoader 2024-03-14 11:40:06 +00:00
Owen Mansel-Chan
5b734c76b6 Add manual neutral models for java.util.Locale and its subclasses 2024-03-14 11:39:59 +00:00
Tony Torralba
eecab9122a Recognize the model generator involvement in the models' provenances 2024-03-14 08:56:23 +01:00
Tony Torralba
5b88b8a3ed A few more neutrals 2024-03-14 08:53:58 +01:00
Tony Torralba
36f6a6fb10 Model more EnumSet methods as neutrals 2024-03-14 08:46:43 +01:00
Jami Cogswell
e285cf232c Java: add resource-related methods as path-injection sinks and as summaries 2024-03-13 22:48:57 -04:00
Jami Cogswell
1b01f26d09 Java: adjust BarrierPrefix to handle prepended chars 2024-03-13 16:28:45 -04:00
Jami Cogswell
04d27f2d65 Java: adjust prefix barriers 2024-03-13 16:28:44 -04:00
Jami Cogswell
e99cea340b Java: update UrlPathBarrier to include FollowsBarrierPrefix 2024-03-13 16:28:44 -04:00
Jami Cogswell
c5a59d6c51 Java: add QLDoc 2024-03-13 16:28:44 -04:00
Jami Cogswell
7310c155e2 Java: rename SpringUrlForwardSink 2024-03-13 16:28:44 -04:00
Jami Cogswell
a8075969d8 Java: add QLDocs to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
042dcf9cd9 Java: some updates to UrlPathBarrier code 2024-03-13 16:28:44 -04:00
Jami Cogswell
052452b186 Java: create UrlDecodeMethod 2024-03-13 16:28:44 -04:00
Jami Cogswell
d220b3a298 Java: some updates to test cases 2024-03-13 16:28:43 -04:00
Jami Cogswell
43b49628fc Java: use new 'SimpleTypeSanitizer', and update some non-extending subtype relationships 2024-03-13 16:28:43 -04:00
Jami Cogswell
2708e53c7f Java: remove redundant imports 2024-03-13 16:28:43 -04:00
Jami Cogswell
f573032b2e Java: remove todo comments from ext files 2024-03-13 16:28:43 -04:00
Jami Cogswell
911a61df22 Java: initial update of barrier and test cases to remove FN 2024-03-13 16:28:42 -04:00
Jami Cogswell
5fa63ab5c2 Java: update/add some TODO comments 2024-03-13 16:28:41 -04:00
Jami Cogswell
09bc21dbd3 Java: rename 'UnsafeUrlForward' to 'UrlForward' 2024-03-13 16:28:41 -04:00
Jami Cogswell
5a9d7552b3 Java: add some comments and minor code reorg 2024-03-13 16:28:41 -04:00
Jami Cogswell
1da1e896cb Java: convert SpringModelAndViewSink to MaD 2024-03-13 16:28:41 -04:00
Jami Cogswell
8d66097483 Java: switch StaplerResponse.forward from request-forgery sink to url-forward sink 2024-03-13 16:28:41 -04:00
Jami Cogswell
42e3825ea3 Java: convert RequestDispatcherSink to MaD 2024-03-13 16:28:40 -04:00
Jami Cogswell
4ff884e26c Java: remove more path-injection related classes (will maybe add some of these back in a separate PR) 2024-03-13 16:28:40 -04:00
Jami Cogswell
2a682995ae Java: move MaD models to correct files, delete ones that already exist 2024-03-13 16:28:40 -04:00
Jami Cogswell
915e106ab3 Java: remove path-injection related models and tests for now 2024-03-13 16:28:40 -04:00
Jami Cogswell
2793f28428 Java: move config to Query.qll file 2024-03-13 16:28:40 -04:00
Jami Cogswell
0d38a9625e Java: copy files from experimental 2024-03-13 16:28:39 -04:00
Tony Torralba
039bea1625 Java: Add more neutral JDK models 
This is similar to https://github.com/github/codeql/pull/15766, in the sense that it adds neutral models to prevent the model generator from generating summaries for them. These models were spotted while evaluating https://github.com/github/codeql/pull/14919.
 2024-03-13 16:59:38 +01:00
Tom Hvitved
02ae2d1520 Java: Implement new data flow interface 2024-03-13 14:41:57 +01:00
Edward Minnix III
d54489931c Merge pull request #15869 from egregius313/egregius313/java/fix/parcelfiledescriptor-open-sink 
Java: Add path-injection sink for `ParcelFileDescriptor::open`
 2024-03-12 16:39:20 -04:00
Erik Krogh Kristensen
863e3f79e5 Merge pull request #15731 from erik-krogh/java-url 
Java: More sanitizers for request-forgery
 2024-03-12 19:31:52 +01:00
erik-krogh
f613823047 add explicit QLDoc that any method named "contains" is matched 2024-03-12 15:25:27 +01:00
erik-krogh
35aae0a981 move changenote to src/ 2024-03-12 15:22:57 +01:00